cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-7890) Validate file copy operations in plugman
Date Thu, 30 Oct 2014 21:29:34 GMT

    [ https://issues.apache.org/jira/browse/CB-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14190882#comment-14190882
] 

ASF GitHub Bot commented on CB-7890:
------------------------------------

Github user shazron commented on the pull request:

    https://github.com/apache/cordova-lib/pull/116#issuecomment-61172837
  
    Patched: https://github.com/apache/cordova-lib/commit/281aee737dbe5143c9cb5957359ed5df6298a154
    You can close this PR now.


> Validate file copy operations in plugman
> ----------------------------------------
>
>                 Key: CB-7890
>                 URL: https://issues.apache.org/jira/browse/CB-7890
>             Project: Apache Cordova
>          Issue Type: Improvement
>          Components: CordovaLib
>            Reporter: Brett Rudd
>            Assignee: Brett Rudd
>            Priority: Critical
>
> Currently plugman fileCopy:
> 1) allows absolute src and target elements to locations outside the plugin directory
and/or project directory
> 2) follows and allow copying of symlinks to files outside the plugin directory
> To fix i would suggest:
> 1) throw on any resolved target location outside of the project dir
> 2) throw on any resolved src not inside the plugin dir
> 3) allow symlinks inside the plugins dir (common platform agnostic assets etc.) but it
MUST point to a location also inside the plugin directory.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message