From c9f07c9f5c71475680f09875034bcf8ab4d04fae Mon Sep 17 00:00:00 2001
From: Garvan Keeley
Date: Wed, 8 Jul 2020 20:01:37 -0400
Subject: [PATCH] Bugzilla 1649159: RTL char bug in downloaded file name
---
 Client/Frontend/Browser/DownloadQueue.swift | 8 +++++++-
 ClientTests/StringExtensionsTests.swift | 8 ++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/Client/Frontend/Browser/DownloadQueue.swift b/Client/Frontend/Browser/DownloadQueue.swift
index 27f78507cd77..087f42829cae 100644
--- a/Client/Frontend/Browser/DownloadQueue.swift
+++ b/Client/Frontend/Browser/DownloadQueue.swift
@@ -68,6 +68,12 @@ class HTTPDownload: Download {
 private var resumeData: Data?
+ // Used to avoid name spoofing using Unicode RTL char to change file extension
+ public static func stripUnicode(fromFilename string: String) -> String {
+ let allowed = CharacterSet.alphanumerics.union(CharacterSet.punctuationCharacters)
+ return string.components(separatedBy: allowed.inverted).joined()
+ }
+
 init(preflightResponse: URLResponse, request: URLRequest) {
 self.preflightResponse = preflightResponse
 self.request = request
@@ -75,7 +81,7 @@ class HTTPDownload: Download {
 super.init()
 if let filename = preflightResponse.suggestedFilename {
- self.filename = filename
+ self.filename = HTTPDownload.stripUnicode(fromFilename: filename)
 }
 if let mimeType = preflightResponse.mimeType {
diff --git a/ClientTests/StringExtensionsTests.swift b/ClientTests/StringExtensionsTests.swift
index e6c01aa03fd4..0def274b27f7 100644
--- a/ClientTests/StringExtensionsTests.swift
+++ b/ClientTests/StringExtensionsTests.swift
@@ -4,6 +4,7 @@
 import Foundation
 import XCTest
+@testable import Client
 class StringExtensionsTests: XCTestCase {
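Review bot: The allow-list in `stripUnicode(fromFilename:)` does not match its name or its comment: `CharacterSet.alphanumerics` covers letters, marks and digits of every script, so non-ASCII text is kept, while spaces and symbol characters such as `+` or `~` fall outside both sets and are silently dropped from every download name. The bidi format characters the comment is about are removed only because they happen to be in neither set. I would state that contract in a doc comment, e.g. `/// Keeps Unicode letters, marks, digits and punctuation; drops everything else, including bidi/format controls, spaces and symbols.`, and decide explicitly whether losing spaces is intended. The enclosing class body starts and ends outside the hunk.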
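Review bot: The stripped name is assigned in `init` without checking what is left, so a suggested filename made up only of removed characters leaves `self.filename` empty, and removing characters that sat between dots can leave a dot-only name. I would guard the assignment, e.g. `let cleaned = HTTPDownload.stripUnicode(fromFilename: filename)` followed by `if !cleaned.isEmpty { self.filename = cleaned }`, so the value `filename` already holds stays in place (its default is not visible in this hunk). `init` continues past the end of the hunk.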
@@ -51,4 +52,11 @@ class StringExtensionsTests: XCTestCase {
 roundtripTest("http://mozilla.com/?a=foo&b=bar", "http://mozilla.com/%3Fa%3Dfoo%26b%3Dbar")
 }
+ func testRemoveUnicodeFromFilename() {
+ let file = "foo-\u{200F}cod.jpg" // Unicode RTL-switch code, becomes "foo-gpj.doc"
+ let nounicode = "foo-cod.jpg"
+ XCTAssert(file != nounicode)
+ let strip = HTTPDownload.stripUnicode(fromFilename: file)
+ XCTAssert(strip == nounicode)
+ }
 }
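Review bot: `testRemoveUnicodeFromFilename` exercises only U+200F (right-to-left mark), while its comment describes the reversed-extension display that is normally associated with the right-to-left override, U+202E; the test should pin that character as well, e.g. `XCTAssertEqual(HTTPDownload.stripUnicode(fromFilename: "foo-\u{202E}cod.jpg"), "foo-cod.jpg")`. It would also help to assert what happens to names containing spaces and non-ASCII letters, since the allow-list treats those differently from what the function name implies. `XCTAssertEqual` and `XCTAssertNotEqual` would give readable failure output in place of `XCTAssert(a == b)`.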