mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 13:51:41 +00:00
Bug 1354308 - Entries API must support patches containing '..', r=froydnj
This commit is contained in:
Andrea Marchesini
parent
aae9e97436
commit
0bef963eb6
@ -89,9 +89,17 @@ FileSystemSecurity::ContentProcessHasAccessTo(ContentParentId aId,
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
AssertIsInMainProcess();
|
||||
|
||||
if (FindInReadable(NS_LITERAL_STRING(".."), aPath)) {
|
||||
#if defined(XP_WIN)
|
||||
if (StringBeginsWith(aPath, NS_LITERAL_STRING("..\\")) ||
|
||||
FindInReadable(NS_LITERAL_STRING("\\..\\"), aPath)) {
|
||||
return false;
|
||||
}
|
||||
#elif defined(XP_UNIX)
|
||||
if (StringBeginsWith(aPath, NS_LITERAL_STRING("../")) ||
|
||||
FindInReadable(NS_LITERAL_STRING("/../"), aPath)) {
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
nsTArray<nsString>* paths;
|
||||
if (!mPaths.Get(aId, &paths)) {
|
||||
|
||||
@ -28,13 +28,21 @@ addMessageListener("entries.open", function (e) {
|
||||
dir1.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700);
|
||||
|
||||
var file2 = dir1.clone();
|
||||
file2.append('bar.txt');
|
||||
file2.append('bar..txt'); // Note the double ..
|
||||
file2.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0o600);
|
||||
|
||||
var dir2 = dir1.clone();
|
||||
dir2.append('subsubdir');
|
||||
dir2.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700);
|
||||
|
||||
var dir3 = tmpDir.clone();
|
||||
dir3.append('..subdir..');
|
||||
dir3.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700);
|
||||
|
||||
var file3 = dir3.clone();
|
||||
file3.append('bar.txt');
|
||||
file3.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0o600);
|
||||
|
||||
File.createFromNsIFile(tmpFile).then(function(file) {
|
||||
sendAsyncMessage("entries.opened", {
|
||||
data: [ new Directory(tmpDir.path), file ]
|
||||
|
||||
@ -95,10 +95,10 @@ function test_directoryEntry_createReader() {
|
||||
|
||||
reader.readEntries(function(a) {
|
||||
ok(Array.isArray(a), "We want an array.");
|
||||
is(a.length, 2, "reader.readyEntries returns 2 elements.");
|
||||
is(a.length, 3, "reader.readyEntries returns 2 elements.");
|
||||
|
||||
for (var i = 0; i < 2; ++i) {
|
||||
ok(a[i].name == "subdir" || a[i].name == "foo.txt", "Correct names");
|
||||
for (var i = 0; i < 3; ++i) {
|
||||
ok(a[i].name == "subdir" || a[i].name == "foo.txt" || a[i].name == "..subdir..", "Correct names");
|
||||
is(a[i].fullPath, directoryEntry.fullPath + "/" + a[i].name, "FullPath is correct");
|
||||
}
|
||||
|
||||
@ -176,7 +176,17 @@ function test_directoryEntry_getFile_simple() {
|
||||
}
|
||||
|
||||
function test_directoryEntry_getFile_deep() {
|
||||
directoryEntry.getFile("subdir/bar.txt", {},
|
||||
directoryEntry.getFile("subdir/bar..txt", {},
|
||||
function(e) {
|
||||
is(e.name, "bar..txt", "We have the right FileEntry.");
|
||||
test_getParent(e, directoryEntry, /* nested */ true);
|
||||
}, function(e) {
|
||||
ok(false, "This should not happen.");
|
||||
});
|
||||
}
|
||||
|
||||
function test_directoryEntry_getFile_funnyName() {
|
||||
directoryEntry.getFile("..subdir../bar.txt", {},
|
||||
function(e) {
|
||||
is(e.name, "bar.txt", "We have the right FileEntry.");
|
||||
test_getParent(e, directoryEntry, /* nested */ true);
|
||||
@ -245,6 +255,16 @@ function test_directoryEntry_getDirectory_deep() {
|
||||
});
|
||||
}
|
||||
|
||||
function test_directoryEntry_getDirectory_funnyName() {
|
||||
directoryEntry.getDirectory("..subdir..", {},
|
||||
function(e) {
|
||||
is(e.name, "..subdir..", "We have the right DirectoryEntry.");
|
||||
test_getParent(e, directoryEntry, /* nested */ false);
|
||||
}, function(e) {
|
||||
ok(false, "This should not happen.");
|
||||
});
|
||||
}
|
||||
|
||||
function test_filesystem() {
|
||||
is(fileEntry.filesystem, directoryEntry.filesystem, "FileSystem object is shared.");
|
||||
|
||||
@ -316,9 +336,9 @@ function test_root_getFile_simple() {
|
||||
}
|
||||
|
||||
function test_root_getFile_deep() {
|
||||
fileEntry.filesystem.root.getFile(directoryEntry.name + "/subdir/bar.txt", {},
|
||||
fileEntry.filesystem.root.getFile(directoryEntry.name + "/subdir/bar..txt", {},
|
||||
function(e) {
|
||||
is(e.name, "bar.txt", "We have the right FileEntry.");
|
||||
is(e.name, "bar..txt", "We have the right FileEntry.");
|
||||
next();
|
||||
}, function(e) {
|
||||
ok(false, "This should not happen.");
|
||||
@ -448,6 +468,7 @@ var tests = [
|
||||
test_directoryEntry_getFile_nonExistingPath,
|
||||
test_directoryEntry_getFile_simple,
|
||||
test_directoryEntry_getFile_deep,
|
||||
test_directoryEntry_getFile_funnyName,
|
||||
|
||||
test_directoryEntry_getDirectory_securityError,
|
||||
test_directoryEntry_getDirectory_typeMismatchError,
|
||||
@ -455,6 +476,7 @@ var tests = [
|
||||
test_directoryEntry_getDirectory_nonExistingPath,
|
||||
test_directoryEntry_getDirectory_simple,
|
||||
test_directoryEntry_getDirectory_deep,
|
||||
test_directoryEntry_getDirectory_funnyName,
|
||||
|
||||
test_filesystem,
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user