corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1354308 - Entries API must support patches containing '..', r=froydnj

Browse Source
This commit is contained in:
Andrea Marchesini
2017-04-26 15:13:43 +02:00
parent a8ade68c7b
commit 456182cef9
3 changed files with 46 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
dom/filesystem/FileSystemSecurity.cpp
View File

@@ -89,9 +89,17 @@ FileSystemSecurity::ContentProcessHasAccessTo(ContentParentId aId,
MOZ_ASSERT(NS_IsMainThread()); MOZ_ASSERT(NS_IsMainThread());
AssertIsInMainProcess(); AssertIsInMainProcess();
if (FindInReadable(NS_LITERAL_STRING(".."), aPath)) { #if defined(XP_WIN)
if (StringBeginsWith(aPath, NS_LITERAL_STRING("..\\")) ||
FindInReadable(NS_LITERAL_STRING("\\..\\"), aPath)) {
return false; return false;
} }
#elif defined(XP_UNIX)
if (StringBeginsWith(aPath, NS_LITERAL_STRING("../")) ||
FindInReadable(NS_LITERAL_STRING("/../"), aPath)) {
return false;
}
#endif
nsTArray<nsString>* paths; nsTArray<nsString>* paths;
if (!mPaths.Get(aId, &paths)) { if (!mPaths.Get(aId, &paths)) {

10
dom/filesystem/compat/tests/script_entries.js
View File

@@ -28,13 +28,21 @@ addMessageListener("entries.open", function (e) {
dir1.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700); dir1.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700);
var file2 = dir1.clone(); var file2 = dir1.clone();
file2.append('bar.txt'); file2.append('bar..txt'); // Note the double ..
file2.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0o600); file2.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0o600);
var dir2 = dir1.clone(); var dir2 = dir1.clone();
dir2.append('subsubdir'); dir2.append('subsubdir');
dir2.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700); dir2.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700);
var dir3 = tmpDir.clone();
dir3.append('..subdir..');
dir3.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700);
var file3 = dir3.clone();
file3.append('bar.txt');
file3.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0o600);
File.createFromNsIFile(tmpFile).then(function(file) { File.createFromNsIFile(tmpFile).then(function(file) {
sendAsyncMessage("entries.opened", { sendAsyncMessage("entries.opened", {
data: [ new Directory(tmpDir.path), file ] data: [ new Directory(tmpDir.path), file ]

34
dom/filesystem/compat/tests/test_basic.html
View File

@@ -95,10 +95,10 @@ function test_directoryEntry_createReader() {
reader.readEntries(function(a) { reader.readEntries(function(a) {
ok(Array.isArray(a), "We want an array."); ok(Array.isArray(a), "We want an array.");
is(a.length, 2, "reader.readyEntries returns 2 elements."); is(a.length, 3, "reader.readyEntries returns 2 elements.");
for (var i = 0; i < 2; ++i) { for (var i = 0; i < 3; ++i) {
ok(a[i].name == "subdir" || a[i].name == "foo.txt", "Correct names"); ok(a[i].name == "subdir" || a[i].name == "foo.txt" || a[i].name == "..subdir..", "Correct names");
is(a[i].fullPath, directoryEntry.fullPath + "/" + a[i].name, "FullPath is correct"); is(a[i].fullPath, directoryEntry.fullPath + "/" + a[i].name, "FullPath is correct");
} }
@@ -176,7 +176,17 @@ function test_directoryEntry_getFile_simple() {
} }
function test_directoryEntry_getFile_deep() { function test_directoryEntry_getFile_deep() {
directoryEntry.getFile("subdir/bar.txt", {}, directoryEntry.getFile("subdir/bar..txt", {},
function(e) {
is(e.name, "bar..txt", "We have the right FileEntry.");
test_getParent(e, directoryEntry, /* nested */ true);
}, function(e) {
ok(false, "This should not happen.");
});
}
function test_directoryEntry_getFile_funnyName() {
directoryEntry.getFile("..subdir../bar.txt", {},
function(e) { function(e) {
is(e.name, "bar.txt", "We have the right FileEntry."); is(e.name, "bar.txt", "We have the right FileEntry.");
test_getParent(e, directoryEntry, /* nested */ true); test_getParent(e, directoryEntry, /* nested */ true);
@@ -245,6 +255,16 @@ function test_directoryEntry_getDirectory_deep() {
}); });
} }
function test_directoryEntry_getDirectory_funnyName() {
directoryEntry.getDirectory("..subdir..", {},
function(e) {
is(e.name, "..subdir..", "We have the right DirectoryEntry.");
test_getParent(e, directoryEntry, /* nested */ false);
}, function(e) {
ok(false, "This should not happen.");
});
}
function test_filesystem() { function test_filesystem() {
is(fileEntry.filesystem, directoryEntry.filesystem, "FileSystem object is shared."); is(fileEntry.filesystem, directoryEntry.filesystem, "FileSystem object is shared.");
@@ -316,9 +336,9 @@ function test_root_getFile_simple() {
} }
function test_root_getFile_deep() { function test_root_getFile_deep() {
fileEntry.filesystem.root.getFile(directoryEntry.name + "/subdir/bar.txt", {}, fileEntry.filesystem.root.getFile(directoryEntry.name + "/subdir/bar..txt", {},
function(e) { function(e) {
is(e.name, "bar.txt", "We have the right FileEntry."); is(e.name, "bar..txt", "We have the right FileEntry.");
next(); next();
}, function(e) { }, function(e) {
ok(false, "This should not happen."); ok(false, "This should not happen.");
@@ -448,6 +468,7 @@ var tests = [
test_directoryEntry_getFile_nonExistingPath, test_directoryEntry_getFile_nonExistingPath,
test_directoryEntry_getFile_simple, test_directoryEntry_getFile_simple,
test_directoryEntry_getFile_deep, test_directoryEntry_getFile_deep,
test_directoryEntry_getFile_funnyName,
test_directoryEntry_getDirectory_securityError, test_directoryEntry_getDirectory_securityError,
test_directoryEntry_getDirectory_typeMismatchError, test_directoryEntry_getDirectory_typeMismatchError,
@@ -455,6 +476,7 @@ var tests = [
test_directoryEntry_getDirectory_nonExistingPath, test_directoryEntry_getDirectory_nonExistingPath,
test_directoryEntry_getDirectory_simple, test_directoryEntry_getDirectory_simple,
test_directoryEntry_getDirectory_deep, test_directoryEntry_getDirectory_deep,
test_directoryEntry_getDirectory_funnyName,
test_filesystem, test_filesystem,