Bug 1354308 - Entries API must support patches containing '..'. r=froydnj, a=gchang
authorAndrea Marchesini <amarchesini@mozilla.com>
Thu, 27 Apr 2017 08:19:56 +0200
changeset 396087 e9e0a7ff2aad25c6033f84aa28018dda1cb76d53
parent 396086 f644e615b15ebc2b088c5173012d1cc6ffaa2543
child 396088 db8feaa3e24bc428292b724ab7531a3726a45cc6
push id1468
push userasasaki@mozilla.com
push dateMon, 05 Jun 2017 19:31:07 +0000
treeherdermozilla-release@0641fc6ee9d1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfroydnj, gchang
bugs1354308
milestone54.0
Bug 1354308 - Entries API must support patches containing '..'. r=froydnj, a=gchang
dom/filesystem/FileSystemSecurity.cpp
dom/filesystem/compat/tests/script_entries.js
dom/filesystem/compat/tests/test_basic.html
--- a/dom/filesystem/FileSystemSecurity.cpp
+++ b/dom/filesystem/FileSystemSecurity.cpp
@@ -84,19 +84,27 @@ FileSystemSecurity::Forget(ContentParent
 
 bool
 FileSystemSecurity::ContentProcessHasAccessTo(ContentParentId aId,
                                               const nsAString& aPath)
 {
   MOZ_ASSERT(NS_IsMainThread());
   AssertIsInMainProcess();
 
-  if (FindInReadable(NS_LITERAL_STRING(".."), aPath)) {
+#if defined(XP_WIN)
+  if (StringBeginsWith(aPath, NS_LITERAL_STRING("..\\")) ||
+      FindInReadable(NS_LITERAL_STRING("\\..\\"), aPath)) {
     return false;
   }
+#elif defined(XP_UNIX)
+  if (StringBeginsWith(aPath, NS_LITERAL_STRING("../")) ||
+      FindInReadable(NS_LITERAL_STRING("/../"), aPath)) {
+    return false;
+  }
+#endif
 
   nsTArray<nsString>* paths;
   if (!mPaths.Get(aId, &paths)) {
     return false;
   }
 
   for (uint32_t i = 0, len = paths->Length(); i < len; ++i) {
     if (FileSystemUtils::IsDescendantPath(paths->ElementAt(i), aPath)) {
--- a/dom/filesystem/compat/tests/script_entries.js
+++ b/dom/filesystem/compat/tests/script_entries.js
@@ -23,17 +23,17 @@ addMessageListener("entries.open", funct
   file1.append('foo.txt');
   file1.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0o600);
 
   var dir1 = tmpDir.clone();
   dir1.append('subdir');
   dir1.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700);
 
   var file2 = dir1.clone();
-  file2.append('bar.txt');
+  file2.append('bar..txt'); // Note the double ..
   file2.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0o600);
 
   var dir2 = dir1.clone();
   dir2.append('subsubdir');
   dir2.create(Components.interfaces.nsIFile.DIRECTORY_TYPE, 0o700);
 
   File.createFromNsIFile(tmpFile).then(function(file) {
     sendAsyncMessage("entries.opened", {
--- a/dom/filesystem/compat/tests/test_basic.html
+++ b/dom/filesystem/compat/tests/test_basic.html
@@ -171,19 +171,19 @@ function test_directoryEntry_getFile_sim
     is(e.name, "foo.txt", "We have the right FileEntry.");
     test_getParent(e, directoryEntry, /* nested */ false);
   }, function(e) {
     ok(false, "This should not happen.");
   });
 }
 
 function test_directoryEntry_getFile_deep() {
-  directoryEntry.getFile("subdir/bar.txt", {},
+  directoryEntry.getFile("subdir/bar..txt", {},
   function(e) {
-    is(e.name, "bar.txt", "We have the right FileEntry.");
+    is(e.name, "bar..txt", "We have the right FileEntry.");
     test_getParent(e, directoryEntry, /* nested */ true);
   }, function(e) {
     ok(false, "This should not happen.");
   });
 }
 
 function test_directoryEntry_getDirectory_securityError() {
   directoryEntry.getDirectory("foo", { create: true },
@@ -311,19 +311,19 @@ function test_root_getFile_simple() {
     is(e.name, fileEntry.name, "We have the right FileEntry.");
     next();
   }, function(e) {
     ok(false, "This should not happen.");
   });
 }
 
 function test_root_getFile_deep() {
-  fileEntry.filesystem.root.getFile(directoryEntry.name + "/subdir/bar.txt", {},
+  fileEntry.filesystem.root.getFile(directoryEntry.name + "/subdir/bar..txt", {},
   function(e) {
-    is(e.name, "bar.txt", "We have the right FileEntry.");
+    is(e.name, "bar..txt", "We have the right FileEntry.");
     next();
   }, function(e) {
     ok(false, "This should not happen.");
   });
 }
 
 function test_root_getDirectory_securityError() {
   fileEntry.filesystem.root.getDirectory("foo", { create: true },