[
https://issues.apache.org/jira/browse/CB-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shazron Abdullah resolved CB-7890.
----------------------------------
Resolution: Fixed
> Validate file copy operations in plugman
> ----------------------------------------
>
> Key: CB-7890
> URL: https://issues.apache.org/jira/browse/CB-7890
> Project: Apache Cordova
> Issue Type: Improvement
> Components: CordovaLib
> Reporter: Brett Rudd
> Assignee: Brett Rudd
> Priority: Critical
>
> Currently plugman fileCopy:
> 1) allows absolute src and target elements to locations outside the plugin
> directory and/or project directory
> 2) follows and allow copying of symlinks to files outside the plugin directory
> To fix i would suggest:
> 1) throw on any resolved target location outside of the project dir
> 2) throw on any resolved src not inside the plugin dir
> 3) allow symlinks inside the plugins dir (common platform agnostic assets
> etc.) but it MUST point to a location also inside the plugin directory.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
