github/cordova-android
4
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2026-04-23 00:00:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(pluginHandlers): properly check if path is inside another (#1014)

Browse Source
This commit is contained in:
Raphael von der Grün
2020-07-08 23:31:16 +02:00
committed by GitHub
parent 80ad635348
commit 8ef8d994df
4 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bin/templates/cordova/lib/pluginHandlers.js
Vendored
+3 -2
View File
@@ -16,6 +16,7 @@
var fs = require('fs-extra');
var path = require('path');
var isPathInside = require('is-path-inside');
var events = require('cordova-common').events;
var CordovaError = require('cordova-common').CordovaError;
@@ -209,12 +210,12 @@ function copyFile (plugin_dir, src, project_dir, dest, link) {
// check that src path is inside plugin directory
var real_path = fs.realpathSync(src);
var real_plugin_path = fs.realpathSync(plugin_dir);
if (real_path.indexOf(real_plugin_path) !== 0) { throw new CordovaError('File "' + src + '" is located outside the plugin directory "' + plugin_dir + '"'); }
if (!isPathInside(real_path, real_plugin_path)) { throw new CordovaError('File "' + src + '" is located outside the plugin directory "' + plugin_dir + '"'); }
dest = path.resolve(project_dir, dest);
// check that dest path is located in project directory
if (dest.indexOf(project_dir) !== 0) { throw new CordovaError('Destination "' + dest + '" for source file "' + src + '" is located outside the project'); }
if (!isPathInside(dest, project_dir)) { throw new CordovaError('Destination "' + dest + '" for source file "' + src + '" is located outside the project'); }
fs.ensureDirSync(path.dirname(dest));
if (link) {