[jira] [Updated] (CB-4952) resolveLocalFileSystemURI returns SECURITY_ERROR wrongly in iOS

Mon, 30 Sep 2013 02:16:54 -0700 

     [ 
https://issues.apache.org/jira/browse/CB-4952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kuan Yi Ming updated CB-4952:
-----------------------------

    Description: 
The simplified version of resolveLocalFileSystemURI in the 3.0.0 file plugin 
doesn't properly check the URI if it's in the tmp or Documents folder and 
returns FileError.SECURITY_ERROR instead. This doesn't occur in 2.9.0.

For example, trying to resolve a URI of a video file from using getPicture().

Calling the following lines in CDVFile.m using the above example:
{code:java}
NSLog(@"url path: %@", path);
NSLog(@"docs path: %@", self.appDocsPath);
NSLog(@"temp path: %@", self.appTempPath);
{code}

returns these:
url path: /private/var/mobile/Applications/[app id]/tmp//trim.TpPlJN.MOV
docs path: /var/mobile/Applications/[app id]/Documents
temp path: /var/mobile/Applications/[app id]/tmp

Since the security error check uses hasPrefix against self.appDocsPath and 
self.appTempPath here, it fails the check.

  was:
The simplified version of resolveLocalFileSystemURI in the 3.0.0 file plugin 
doesn't properly check the URI if it's in the tmp or Documents folder and 
returns SECURITY_ERROR instead. This doesn't occur in 2.9.0.

For example, trying to resolve a URI of a video file from using getPicture().

Calling the following lines in CDVFile.m using the above example:
{code:java}
NSLog(@"url path: %@", path);
NSLog(@"docs path: %@", self.appDocsPath);
NSLog(@"temp path: %@", self.appTempPath);
{code}

returns these:
url path: /private/var/mobile/Applications/[app id]/tmp//trim.TpPlJN.MOV
docs path: /var/mobile/Applications/[app id]/Documents
temp path: /var/mobile/Applications/[app id]/tmp

Since the security error check uses hasPrefix against self.appDocsPath and 
self.appTempPath here, it fails the check.


> resolveLocalFileSystemURI returns SECURITY_ERROR wrongly in iOS
> ---------------------------------------------------------------
>
>                 Key: CB-4952
>                 URL: https://issues.apache.org/jira/browse/CB-4952
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin File
>    Affects Versions: 3.0.0
>         Environment: iOS
>            Reporter: Kuan Yi Ming
>
> The simplified version of resolveLocalFileSystemURI in the 3.0.0 file plugin 
> doesn't properly check the URI if it's in the tmp or Documents folder and 
> returns FileError.SECURITY_ERROR instead. This doesn't occur in 2.9.0.
> For example, trying to resolve a URI of a video file from using getPicture().
> Calling the following lines in CDVFile.m using the above example:
> {code:java}
> NSLog(@"url path: %@", path);
> NSLog(@"docs path: %@", self.appDocsPath);
> NSLog(@"temp path: %@", self.appTempPath);
> {code}
> returns these:
> url path: /private/var/mobile/Applications/[app id]/tmp//trim.TpPlJN.MOV
> docs path: /var/mobile/Applications/[app id]/Documents
> temp path: /var/mobile/Applications/[app id]/tmp
> Since the security error check uses hasPrefix against self.appDocsPath and 
> self.appTempPath here, it fails the check.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to