XSRF header for register/unregister.

Tight maps URL regex.

android/AndroidManifest.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
       package="com.google.android.apps.chrometophone"
-      android:versionCode="1"
+      android:versionCode="3"
-      android:versionName="1.0">
+      android:versionName="1.2">
     <!-- Only this application can receive the messages and registration result -->    
     <permission android:name="com.google.android.apps.chrometophone.permission.C2D_MESSAGE" android:protectionLevel="signature" />
     <uses-permission android:name="com.google.android.apps.chrometophone.permission.C2D_MESSAGE" />

android/src/com/google/android/apps/chrometophone/C2DMReceiver.java

@@ -38,7 +38,6 @@ import android.text.ClipboardManager;
 import com.google.android.c2dm.C2DMBaseReceiver;
 
 public class C2DMReceiver extends C2DMBaseReceiver {
-
     public C2DMReceiver() {
         super(DeviceRegistrar.SENDER_ID);
     }
@@ -119,12 +118,10 @@ public class C2DMReceiver extends C2DMBaseReceiver {
         } else {
             final String GMM_PACKAGE_NAME = "com.google.android.apps.maps";
             final String GMM_CLASS_NAME = "com.google.android.maps.MapsActivity";
-            boolean isMapsURL = url.startsWith("http://maps.google.") ||
-                    url.matches("^http://www\\.google\\.[a-z\\.]+/maps");
 
             intent = new Intent(Intent.ACTION_VIEW, Uri.parse(url));
             intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
-            if (isMapsURL) {
+            if (isMapsURL(url)) {
                 intent.setClassName(GMM_PACKAGE_NAME, GMM_CLASS_NAME);
             }
 
@@ -170,10 +167,15 @@ public class C2DMReceiver extends C2DMBaseReceiver {
 
    private String parseTelephoneNumber(String sel) {
        String number = null;
-       if (sel != null && sel.matches("^([Tt]el[:]?)?\\s?[+]?(\\(?[0-9|\\s|-]\\)?)+$")) {
+       if (sel != null && sel.matches("([Tt]el[:]?)?\\s?[+]?(\\(?[0-9|\\s|-]\\)?)+")) {
            String elements[] = sel.split("([Tt]el[:]?)");
            number = elements.length > 1 ? elements[1] : elements[0];
        }
        return number;
    }
+
+   private boolean isMapsURL(String url) {
+       return url.matches("http://maps\\.google\\.[a-z]{2,3}(\\.[a-z]{2})?[/?].*") ||
+               url.matches("http://www\\.google\\.[a-z]{2,3}(\\.[a-z]{2})?/maps.*");
+   }
 }

android/src/com/google/android/apps/chrometophone/DeviceRegistrar.java

@@ -171,12 +171,11 @@ public class DeviceRegistrar {
         HttpPost post = new HttpPost(uri);
         List<NameValuePair> formparams = new ArrayList<NameValuePair>();
         formparams.add(new BasicNameValuePair("devregid", deviceRegistrationID));
-        // XSRF - needs to be verified by server.
-        formparams.add(new BasicNameValuePair("token", ascidCookie));
         UrlEncodedFormEntity entity =
             new UrlEncodedFormEntity(formparams, "UTF-8");
         post.setEntity(entity);
         post.setHeader("Cookie", ascidCookie);
+        post.setHeader("X-Same-Domain", "1");  // XSRF
         res = client.execute(post);
         return res;
     }