[CB-5960] File API mishandles relative URLs that traverse directories above the FS root - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

Filesystem URLs should not be able to use ".." path components to reach outside of their sandbox. From the File API, ".." relative to a path resolves to the paths parent directory, and the parent directory of the filesystem root is itself.

So, if root is a DirectoryEntry representing the root of a filesystem, then

root.getFile("../file.txt", ...);

and

root.getFile("/file.txt", ...);

should resolve to the same file.

root.getDirectory("subdir_a/subdir_b", function(entry) {
    entry.getFile("../file.txt", ...);
}, ...);

should resolve to "/subdir_a/file.txt"

Attachments

Issue Links

is related to

CB-5721 App crashed if invoke root.getFile() and use "../resolve.file.uri" as fileNames!

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Ian Clelland

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 31/Jan/14 21:49

Updated:: 23/Aug/18 07:30

Resolved:: 04/Feb/14 14:40