9c842fcf486ed5c70ca6db3106349aade27751bf - platform/packages/providers/ContactsProvider

commit	9c842fcf486ed5c70ca6db3106349aade27751bf	[log] [tgz]
author	Chiao Cheng <chiaocheng@google.com>	Mon Jul 08 17:56:47 2013 -0700
committer	Chiao Cheng <chiaocheng@google.com>	Tue Jul 09 14:43:03 2013 -0700
tree	2f7e8be295ff28475a9ce9a2995ccaf013740e08
parent	44e6d244fa7b7fb39b4488f6b8e54e3b6bb6e605 [diff]

White list file names and do not allow ".."

Fixes security vulnerability where application can pass in relative file paths
with ".." in the string to access files outside of the dumpedfiles directory.

Bug: 9607306
Change-Id: Iad219cb48fa560d837498c2dc75127294dcf401b

src/com/android/providers/contacts/debug/DataExporter.java[diff]
src/com/android/providers/contacts/debug/DumpFileProvider.java[diff]

2 files changed

tree: 2f7e8be295ff28475a9ce9a2995ccaf013740e08

res/
src/
tests/
Android.mk
AndroidManifest.xml
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE
proguard.flags