[
https://issues.apache.org/jira/browse/CB-5960?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ian Clelland resolved CB-5960.
------------------------------
Resolution: Fixed
Fixed in dev
> File API mishandles relative URLs that traverse directories above the FS root
> -----------------------------------------------------------------------------
>
> Key: CB-5960
> URL: https://issues.apache.org/jira/browse/CB-5960
> Project: Apache Cordova
> Issue Type: Bug
> Reporter: Ian Clelland
>
> Filesystem URLs should not be able to use ".." path components to reach
> outside of their sandbox. From the File API, ".." relative to a path resolves
> to the paths parent directory, and the parent directory of the filesystem
> root is itself.
> So, if {{root}} is a DirectoryEntry representing the root of a filesystem,
> then
> {code}
> root.getFile("../file.txt", ...);
> {code}
> and
> {code}
> root.getFile("/file.txt", ...);
> {code}
> should resolve to the same file.
> {code}
> root.getDirectory("subdir_a/subdir_b", function(entry) {
> entry.getFile("../file.txt", ...);
> }, ...);
> {code}
> should resolve to "/subdir_a/file.txt"
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
