MOBILE-3163 core: Check site URL when treating pluginfile URLs

src/classes/site.ts

@@ -1404,8 +1404,8 @@ export class CoreSite {
             return false;
         }
 
-        const siteUrl = this.textUtils.removeEndingSlash(this.urlUtils.removeProtocolAndWWW(this.siteUrl));
+        const siteUrl = this.textUtils.addEndingSlash(this.urlUtils.removeProtocolAndWWW(this.siteUrl));
-        url = this.urlUtils.removeProtocolAndWWW(url);
+        url = this.textUtils.addEndingSlash(this.urlUtils.removeProtocolAndWWW(url));
 
         return url.indexOf(siteUrl) == 0;
     }

src/providers/utils/text.ts

@@ -75,6 +75,24 @@ export class CoreTextUtilsProvider {
     constructor(private translate: TranslateService, private langProvider: CoreLangProvider, private modalCtrl: ModalController,
             private sanitizer: DomSanitizer, private platform: Platform) { }
 
+    /**
+     * Add ending slash from a path or URL.
+     *
+     * @param {string} text Text to treat.
+     * @return {string} Treated text.
+     */
+    addEndingSlash(text: string): string {
+        if (!text) {
+            return '';
+        }
+
+        if (text.slice(-1) != '/') {
+            return text + '/';
+        }
+
+        return text;
+    }
+
     /**
      * Given an address as a string, return a URL to open the address in maps.
      *

src/providers/utils/url.ts

@@ -121,8 +121,8 @@ export class CoreUrlUtilsProvider {
             return url;
         }
 
-        // Check if is a valid URL (contains the pluginfile endpoint).
+        // Check if is a valid URL (contains the pluginfile endpoint) and belongs to the site.
-        if (!this.isPluginFileUrl(url)) {
+        if (!this.isPluginFileUrl(url) || url.indexOf(this.textUtils.addEndingSlash(siteUrl)) !== 0) {
             return url;
         }