Brett Rudd created CB-7890:
------------------------------
Summary: Validate file copy operations in plugman
Key: CB-7890
URL: https://issues.apache.org/jira/browse/CB-7890
Project: Apache Cordova
Issue Type: Improvement
Components: CordovaLib
Reporter: Brett Rudd
Assignee: Brett Rudd
Priority: Critical
Currently plugman fileCopy:
1) allows absolute src and target elements to locations outside the plugin
directory and/or project directory
2) follows and allow copying of symlinks to files outside the plugin directory
To fix i would suggest:
1) throw on any resolved target location outside of the project dir
2) throw on any resolved src not inside the plugin dir
3) allow symlinks inside the plugins dir (common platform agnostic assets etc.)
but it MUST point to a location also inside the plugin directory.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
