4a1ade1 - platform/packages/providers/ContactsProvider

commit	4a1ade1e8e86f8f8d2f47fce809e0b5e64735c2d	[log] [tgz]
author	Chiao Cheng <chiaocheng@google.com>	Mon Jul 08 17:56:47 2013 -0700
committer	Chiao Cheng <chiaocheng@google.com>	Tue Jul 09 13:49:39 2013 -0700
tree	c20200657fe43a9667017385e7d8f872bc4edbc5
parent	3f88ff6b537fb53806f126b4aea3355686387717 [diff]

White list file names and do not allow ".."

Fixes security vulnerability where application can pass in relative file paths
with ".." in the string to access files outside of the dumpedfiles directory.

Bug: 9607306
Change-Id: Iad219cb48fa560d837498c2dc75127294dcf401b

src/com/android/providers/contacts/debug/DataExporter.java[diff]
src/com/android/providers/contacts/debug/DumpFileProvider.java[diff]

2 files changed

tree: c20200657fe43a9667017385e7d8f872bc4edbc5

res/
src/
tests/
Android.mk
AndroidManifest.xml
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE
proguard.flags