[folks] eds: Ignore non-local URIs for photos for security reasons



commit 3caef48df30d25cb3445d3b45551c6ccb3656d23
Author: Philip Withnall <philip tecnocode co uk>
Date:   Wed Aug 13 23:57:18 2014 +0100

    eds: Ignore non-local URIs for photos for security reasons
    
    We can’t entirely trust the URIs provided to us in contacts, and they
    could reference huge photos which we really don’t want to download (and
    incur huge bandwidth bills). Since non-local URIs are really rare, it
    seems reasonable to ignore them entirely, avoiding the security issue.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=697695

 backends/eds/lib/edsf-persona.vala |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)
---
diff --git a/backends/eds/lib/edsf-persona.vala b/backends/eds/lib/edsf-persona.vala
index 52ef961..0a2c9bd 100644
--- a/backends/eds/lib/edsf-persona.vala
+++ b/backends/eds/lib/edsf-persona.vala
@@ -1523,6 +1523,19 @@ public class Edsf.Persona : Folks.Persona,
                 return null;
               }
 
+            /* Ignore non-local files, or we could end up downloading huge
+             * pictures that we really don’t want. Non-local URI-based contact
+             * photos are rare anyway.
+             *
+             * See: https://bugzilla.gnome.org/show_bug.cgi?id=697695 */
+            var scheme = Uri.parse_scheme (uri);
+            if (scheme == null || scheme != "file")
+              {
+                warning ("Ignoring contact photo with URI ‘%s’ because it’s " +
+                    "not a local file.", uri);
+                return null;
+              }
+
             return new FileIcon (File.new_for_uri ((!) uri));
           case ContactPhotoType.INLINED:
             var data = p.get_inlined ();
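Review bot: The allow-list check at `if (scheme == null || scheme != "file")` is the right shape (reject unless the scheme is exactly `file`, and treat a missing scheme as a rejection), but note that `Uri.parse_scheme` hands back the scheme in whatever case the contact supplied, so a `FILE:///...` URI is rejected as well; that errs on the safe side, so it only needs normalizing with `down ()` if such contacts occur in practice. A second point on the `warning (...)` call: it fires once per contact for data that comes straight from the address book, so an address book full of `http` photo URIs will flood the log with warnings at normal verbosity; `debug ()` with the same message would be the quieter fit, since the return value already records the decision. The comment block above the check, with the rationale and the bug link, is exactly the kind of context this sort of trust-boundary check should carry.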

