[ https://issues.apache.org/jira/browse/CB-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14189132#comment-14189132 ]

ASF GitHub Bot commented on CB-7890:
------------------------------------

GitHub user goya opened a pull request:

    https://github.com/apache/cordova-lib/pull/116

    CB-7890 validate file copy operations in plugman

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/phonegap-build/cordova-lib CB-7890

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cordova-lib/pull/116.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #116
    
----
commit 164ee71c503cf8c9f38573a3394233973660cb2a
Author: Brett Rudd <[email protected]>
Date:   2014-10-29T19:14:32Z

    CB-7890 validate file copy operations in plugman

----


> Validate file copy operations in plugman
> ----------------------------------------
>
>                 Key: CB-7890
>                 URL: https://issues.apache.org/jira/browse/CB-7890
>             Project: Apache Cordova
>          Issue Type: Improvement
>          Components: CordovaLib
>            Reporter: Brett Rudd
>            Assignee: Brett Rudd
>            Priority: Critical
>
> Currently plugman fileCopy:
> 1) allows absolute src and target elements to locations outside the plugin 
> directory and/or project directory
> 2) follows and allows copying of symlinks to files outside the plugin directory
> To fix, I would suggest:
> 1) throw on any resolved target location outside of the project dir
> 2) throw on any resolved src not inside the plugin dir
> 3) allow symlinks inside the plugins dir (common platform agnostic assets 
> etc.) but it MUST point to a location also inside the plugin directory.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
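
The three checks suggested in the issue description above, as an added Node.js example (not code from the pull request or from cordova-lib). `isInside`, `validateCopy` and `demo` are hypothetical names, and the temp-directory layout is constructed for the demonstration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when `child` is `parent` itself or lies beneath it.
function isInside(parent, child) {
    const rel = path.relative(parent, child);
    return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Hypothetical helper (not plugman's API): returns validated absolute paths or throws.
function validateCopy(pluginDir, src, projectDir, dest) {
    const pluginRoot = fs.realpathSync(pluginDir);
    const projectRoot = fs.realpathSync(projectDir);
    // Suggestion 2: the resolved src must be inside the plugin dir.
    const srcPath = path.resolve(pluginRoot, src);
    if (!isInside(pluginRoot, srcPath)) throw new Error('src outside plugin dir: ' + src);
    // Suggestion 3: a symlink is allowed only if its real target is also inside.
    const realSrc = fs.realpathSync(srcPath);
    if (!isInside(pluginRoot, realSrc)) throw new Error('src links outside plugin dir: ' + src);
    // Suggestion 1: the resolved target must be inside the project dir.
    const destPath = path.resolve(projectRoot, dest);
    if (!isInside(projectRoot, destPath)) throw new Error('target outside project dir: ' + dest);
    return { src: realSrc, dest: destPath };
}

// Constructed layout: a regular file, a symlink staying inside the plugin, one leaving it.
function demo() {
    const root = fs.mkdtempSync(path.join(os.tmpdir(), 'cb7890-'));
    const [plugin, project] = ['plugin', 'project'].map((d) => path.join(root, d));
    fs.mkdirSync(path.join(plugin, 'www'), { recursive: true });
    fs.mkdirSync(project);
    fs.writeFileSync(path.join(plugin, 'www', 'a.js'), '// asset\n');
    fs.writeFileSync(path.join(root, 'outside.txt'), 'not part of the plugin\n');
    fs.symlinkSync(path.join('www', 'a.js'), path.join(plugin, 'link-in.js'));
    fs.symlinkSync(path.join('..', 'outside.txt'), path.join(plugin, 'link-out.txt'));
    const attempt = (src, dest) => {
        try { validateCopy(plugin, src, project, dest); return 'ok'; } catch (e) { return e.message; }
    };
    const results = {
        regular: attempt('www/a.js', 'assets/a.js'),
        linkInside: attempt('link-in.js', 'assets/a.js'),
        linkOutside: attempt('link-out.txt', 'assets/x.txt'),
        absoluteSrc: attempt(path.join(root, 'outside.txt'), 'assets/x.txt'),
        escapingDest: attempt('www/a.js', '../escaped.js'),
    };
    fs.rmSync(root, { recursive: true, force: true });
    return results;
}
console.log(demo());
```

Comparing real paths rather than the strings from the plugin manifest is what lets an in-plugin symlink pass while an out-of-plugin one is rejected.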
