From bf874609440eb474eb58d2cf06160cb6447353ff Mon Sep 17 00:00:00 2001
From: yaozh
Date: Fri, 22 May 2026 10:15:18 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=89=E5=85=A8=E5=91=8A=E8=AD=A6=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: yaozh
---
 .../ringtone_restore/src/ringtone_restore.cpp | 8 +++--
 services/utils/src/ringtone_file_utils.cpp | 35 +++++++++++++++++--
 2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/services/ringtone_restore/src/ringtone_restore.cpp b/services/ringtone_restore/src/ringtone_restore.cpp
index 2cdb542..fa95cdd 100644
--- a/services/ringtone_restore/src/ringtone_restore.cpp
+++ b/services/ringtone_restore/src/ringtone_restore.cpp
@@ -151,9 +151,11 @@ void RingtoneRestore::CustomizedRingToneHandle(FileInfo& fileInfo)
 auto rawRdb = rdbStore->GetRaw();
 CHECK_AND_RETURN_LOG(rawRdb != nullptr, "rawRdb is nullptr");
 string sql = "SELECT " + VIBRATE_COLUMN_DATA + " FROM " +
- RINGTONE_TABLE + " WHERE " + VIBRATE_COLUMN_DATA + " like " + "'%" +
- dataPath + "' AND " + RINGTONE_COLUMN_SOURCE_TYPE + " = 1";
- auto resultSet = rawRdb->QuerySql(sql);
+ RINGTONE_TABLE + " WHERE " + VIBRATE_COLUMN_DATA + " LIKE ?" +
+ " AND " + RINGTONE_COLUMN_SOURCE_TYPE + " = 1";
+ std::vector bindArgs;
+ bindArgs.push_back(NativeRdb::ValueObject("%" + dataPath));
+ auto resultSet = rawRdb->QuerySql(sql, bindArgs);
 CHECK_AND_RETURN_LOG(resultSet != nullptr, "resultSet is nullptr");
 if (resultSet->GoToFirstRow() != NativeRdb::E_OK) {
 resultSet->Close();
diff --git a/services/utils/src/ringtone_file_utils.cpp b/services/utils/src/ringtone_file_utils.cpp
index be0f10e..df77253 100644
--- a/services/utils/src/ringtone_file_utils.cpp
+++ b/services/utils/src/ringtone_file_utils.cpp
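Review bot: Binding `"%" + dataPath` removes the string-built SQL but not the LIKE wildcard semantics: any `%` or `_` inside dataPath (underscores are common in file names) is still treated as a wildcard, so the query can match unrelated rows and the restore may pick the wrong record. Escape those characters in the bound value and declare the escape character in the statement, e.g. `" LIKE ? ESCAPE '\\'"` with `%`, `_` and `\` in dataPath prefixed by `\` before it is wrapped into the `ValueObject`. `std::vector bindArgs;` appears here without a template argument; if that is not a rendering artifact it will not compile, and `bindArgs.emplace_back("%" + dataPath)` would also avoid the explicit temporary. CustomizedRingToneHandle starts and ends outside the hunk.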
@@ -435,6 +435,33 @@ bool RingtoneFileUtils::MoveFile(const string &oldPath, const string &newPath)
 return errRet;
 }
+static bool GetSafeDestPath(const string &newPath, string &absNewPath)
+{
+ bool newPathExists = PathToRealPath(newPath, absNewPath);
+ if (newPathExists) {
+ return true; // 目标存在,路径已验证
+ }
+ // 目标不存在,校验父目录
+ size_t lastSlash = newPath.rfind('/');
+ if (lastSlash == std::string::npos) {
+ RINGTONE_ERR_LOG("No parent directory in path");
+ return false;
+ }
+ string parentDir = newPath.substr(0, lastSlash);
+ string fileName = newPath.substr(lastSlash + 1);
+ if (fileName.empty() || fileName.find('/') != std::string::npos) {
+ RINGTONE_ERR_LOG("Invalid file name");
+ return false;
+ }
+ string absParentDir;
+ if (!PathToRealPath(parentDir, absParentDir)) {
+ RINGTONE_ERR_LOG("Parent directory not valid");
+ return false;
+ }
+ absNewPath = absParentDir + "/" + fileName;
+ return true;
+}
+
 bool RingtoneFileUtils::CopyFileUtil(const string &filePath, const string &newPath)
 {
 struct stat fst{};
@@ -466,8 +493,12 @@ bool RingtoneFileUtils::CopyFileUtil(const string &filePath, const string &newPa
 RINGTONE_ERR_LOG("Open failed for source file");
 return ret;
 }
-
- int32_t dest = open(newPath.c_str(), O_WRONLY | O_CREAT, MODE_RW_USR);
+ string absNewPath;
+ if (!GetSafeDestPath(newPath, absNewPath)) {
+ close(source);
+ return false;
+ }
+ int32_t dest = open(absNewPath.c_str(), O_WRONLY | O_CREAT, MODE_RW_USR);
 if (dest == -1) {
 RINGTONE_ERR_LOG("Open failed for destination file %{public}d", errno);
 close(source);
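Review bot: `GetSafeDestPath` has no header comment and its two inline comments are in Chinese while every identifier and log string in the hunk is English, so a reader cannot tell what "safe" guarantees. I would add above the definition `// Canonicalise the copy destination: the real path if newPath exists, else realpath(parent) + "/" + name.` / `// Fails (with a log) when the parent does not resolve or the final component is empty or contains '/'.` / `// Canonicalises only; it does not confine the result to any base directory.` and replace the inline comments with `// target exists, path already resolved` and `// target does not exist, validate the parent directory`. The `newPathExists` local is read once; `if (PathToRealPath(newPath, absNewPath)) {` says the same without it. Whether PathToRealPath follows symbolic links is not visible here; if it does, an existing link at newPath is accepted and resolved to its target, which is then what the caller opens — worth stating in the comment or rejecting via `lstat` in the exists branch.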
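Review bot: `open(absNewPath.c_str(), O_WRONLY | O_CREAT, MODE_RW_USR)` still follows a symbolic link at the final component, so the validation done a few lines earlier can be undone by a link appearing between the check and the open; `O_NOFOLLOW` closes that window for the last component: `int32_t dest = open(absNewPath.c_str(), O_WRONLY | O_CREAT | O_NOFOLLOW, MODE_RW_USR);`. The call also lacks `O_TRUNC`, so copying over a larger existing file leaves its tail in place unless the rest of CopyFileUtil, which continues outside the hunk, truncates it — please confirm. The new early-return branch closes `source` by hand as the existing error branches do; a small RAII holder for the descriptor would remove that repetition, though it is a wider change than this fix.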