[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

darin darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:19:04 UTC 2009 

The following commit has been merged in the debian/unstable branch:
commit 88b016303ccfeb507acaf1a1a270ea87b1a3a5d7
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Jan 10 01:12:08 2003 +0000

            Reviewed by Richard.
    
            - fixed 3143332 -- if path returned is empty string (or "." or "..") it will trash the /tmp symlink
    
            * Plugins.subproj/WebBaseNetscapePluginStream.m:
            (-[WebBaseNetscapePluginStream finishedLoadingWithData:]):
            Check for empty string, ".", and "..", and don't create files by those names.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3288 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index c33c705..598d15c 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,13 @@
+2003-01-09  Darin Adler  <darin at apple.com>
+
+        Reviewed by Richard.
+        
+        - fixed 3143332 -- if path returned is empty string (or "." or "..") it will trash the /tmp symlink
+
+        * Plugins.subproj/WebBaseNetscapePluginStream.m:
+        (-[WebBaseNetscapePluginStream finishedLoadingWithData:]):
+        Check for empty string, ".", and "..", and don't create files by those names.
+
 2003-01-09  Trey Matteson  <trey at apple.com>
 
 	3143294 - need short-term bulletproofing of download code against bad filenames
diff --git a/WebKit/Plugins.subproj/WebBaseNetscapePluginStream.m b/WebKit/Plugins.subproj/WebBaseNetscapePluginStream.m
index fd99c1a..fc080ca 100644
--- a/WebKit/Plugins.subproj/WebBaseNetscapePluginStream.m
+++ b/WebKit/Plugins.subproj/WebBaseNetscapePluginStream.m
@@ -136,7 +136,11 @@
     }
     
     NSString *filename = [[URL path] lastPathComponent];
-    if(transferMode == NP_ASFILE || transferMode == NP_ASFILEONLY) {
+    if ([filename length] == 0 || [filename isEqualToString:@"."] || [filename isEqualToString:@".."]) {
+        return;
+    }
+    
+    if (transferMode == NP_ASFILE || transferMode == NP_ASFILEONLY) {
         // FIXME: Need to use something like mkstemp?
         path = [[NSString stringWithFormat:@"/tmp/%@", filename] retain];        
         NSFileManager *fileManager = [NSFileManager defaultManager];

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list