[
https://issues.apache.org/jira/browse/CB-4952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13918221#comment-13918221
]
Ian Clelland commented on CB-4952:
----------------------------------
resolveLocalFileSystemURL now does a URLByResolvingSymlinksInPath on the
incoming URL. I've added a mobile spec test that manually inserts '/private/'
into a filesystem path, and tries to resolve the result. It's passing now with
the latest dev branch of File.
> resolveLocalFileSystemURI returns SECURITY_ERROR wrongly in iOS
> ---------------------------------------------------------------
>
> Key: CB-4952
> URL: https://issues.apache.org/jira/browse/CB-4952
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS, Plugin File
> Affects Versions: 3.0.0
> Environment: iOS
> Reporter: Kuan Yi Ming
> Assignee: Ian Clelland
>
> The simplified version of resolveLocalFileSystemURI in the 3.0.0 file plugin
> doesn't properly check the URI if it's in the tmp or Documents folder and
> returns FileError.SECURITY_ERROR instead. This doesn't occur in 2.9.0.
> For example, trying to resolve a URI of a video file from using getPicture().
> Calling the following lines in CDVFile.m using the above example:
> {code:java}
> NSLog(@"url path: %@", path);
> NSLog(@"docs path: %@", self.appDocsPath);
> NSLog(@"temp path: %@", self.appTempPath);
> {code}
> returns these:
> url path: /private/var/mobile/Applications/[app id]/tmp//trim.TpPlJN.MOV
> docs path: /var/mobile/Applications/[app id]/Documents
> temp path: /var/mobile/Applications/[app id]/tmp
> Since the security error check uses hasPrefix against self.appDocsPath and
> self.appTempPath here, it fails the check.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
