
Merge branch '1.9.x'

master
Stefan Bodewig 7 years ago
parent
commit
d4cc7cf0a9
4 changed files with 11 additions and 8 deletions
  1. +3
    -1
      WHATSNEW
  2. +2
    -1
      manual/Tasks/unzip.html
  3. +1
    -1
      src/main/org/apache/tools/ant/taskdefs/Expand.java
  4. +5
    -5
      src/tests/antunit/taskdefs/unzip-test.xml

+ 3
- 1
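--- a/WHATSNEW
+++ b/WHATSNEW
@@ -9,10 +9,12 @@ Changes that could break older environments:
 destination directory anymore by default. A new attribute
 allowFilesToEscapeDest can be used to override the behavior.
 Another special case is when stripAbsolutePathSpec is false (which
-still is the default) and the entry's name starts with a
+no longer is the default) and the entry's name starts with a
 (back)slash and allowFilesToEscapeDest hasn't been specified
 explicitly, in this case the file may be created outside of the
 dest directory as well.
+In addition stripAbsolutePathSpec is now true by default.
+Based on a recommendation by the Snyk Security Research Team.
 
 Fixed bugs:
 -----------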


+ 2
- 1
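--- a/manual/Tasks/unzip.html
+++ b/manual/Tasks/unzip.html
@@ -108,7 +108,8 @@ extract an Ant generated ZIP archive.</p>
 name before extracting it. Note that this changes the entry name before
 applying <code>include</code>/<code>exclude</code> patterns and before using the nested
 mappers (if any). <em>since Ant 1.8.0</em></td>
-<td>No; defaults to <q>false</q></td>
+<td>No; defaults to <q>true</q> since 1.10.4
+(used to defaukt to <q>false</q> prior to that)</td>
 </tr>
 <tr>
 <td>scanForUnicodeExtraFields</td>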


+ 1
- 1
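--- a/src/main/org/apache/tools/ant/taskdefs/Expand.java
+++ b/src/main/org/apache/tools/ant/taskdefs/Expand.java
@@ -75,7 +75,7 @@ public class Expand extends Task {
 private Union resources = new Union();
 private boolean resourcesSpecified = false;
 private boolean failOnEmptyArchive = false;
-private boolean stripAbsolutePathSpec = false;
+private boolean stripAbsolutePathSpec = true;
 private boolean scanForUnicodeExtraFields = true;
 private Boolean allowFilesToEscapeDest = null;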
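Review bot: The flipped default on `stripAbsolutePathSpec` carries no comment saying it is a security default, so a later cleanup could revert it without noticing what it protects. WHATSNEW in this same commit states that with `stripAbsolutePathSpec` set to false and `allowFilesToEscapeDest` left unset, an entry whose name starts with a (back)slash may still be created outside dest; that coupling between the two fields is worth recording next to them. I would add `// true by default so absolute entry names are made relative to dest; when false and allowFilesToEscapeDest is null, such entries may be written outside dest` above the field. Builds that set `stripAbsolutePathSpec="false"` for compatibility should also set `allowFilesToEscapeDest="false"` when they extract archives they do not control. The class body continues outside the hunk, so the code that consumes these two fields is not visible here.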



+ 5
- 5
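--- a/src/tests/antunit/taskdefs/unzip-test.xml
+++ b/src/tests/antunit/taskdefs/unzip-test.xml
@@ -101,16 +101,16 @@ public class A {
 <available property="can-write-to-tmp!" file="/tmp/testdir/"/>
 </target>
 
-<target name="testEntriesCanEscapeDestViaAbsolutePathByDefault"
+<target name="testEntriesCanEscapeDestViaAbsolutePathIfPermitted"
 depends="-can-write-to-tmp?" if="can-write-to-tmp!">
-<unzip src="zip/direscape-absolute.zip" dest="${output}"/>
+<unzip src="zip/direscape-absolute.zip" dest="${output}"
+stripAbsolutePathSpec="false"/>
 <au:assertFileExists file="/tmp/testdir/a"/>
 </target>
 
-<target name="testEntriesDontEscapeDestViaAbsolutePathIfProhibited"
+<target name="testEntriesDontEscapeDestViaAbsolutePathByDefault"
 depends="-can-write-to-tmp?" if="can-write-to-tmp!">
-<unzip src="zip/direscape-absolute.zip" dest="${output}"
-allowFilesToEscapeDest="false"/>
+<unzip src="zip/direscape-absolute.zip" dest="${output}"/>
 <au:assertFileDoesntExist file="/tmp/testdir/a"/>
 </target>
 </project>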
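Review bot: After the rename, no target in this hunk exercises `allowFilesToEscapeDest="false"` against the absolute-path archive any more: the old `testEntriesDontEscapeDestViaAbsolutePathIfProhibited` target was the only one here that set it, and its replacement runs with defaults only. The case worth pinning is `stripAbsolutePathSpec="false"` together with `allowFilesToEscapeDest="false"`, since that is the combination a build must use to keep the old path handling without letting entries leave dest. I would add a third target asserting that `/tmp/testdir/a` is not created for that combination, unless one already exists in the part of the file outside this hunk.

```xml
<target name="testEntriesDontEscapeDestViaAbsolutePathIfProhibited"
        depends="-can-write-to-tmp?" if="can-write-to-tmp!">
  <unzip src="zip/direscape-absolute.zip" dest="${output}"
         stripAbsolutePathSpec="false"
         allowFilesToEscapeDest="false"/>
  <au:assertFileDoesntExist file="/tmp/testdir/a"/>
</target>
```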
