[Logo] Enterprise Client Community
  [Search] Search   [Recent Topics] Recent Topics   [Members]  Member Listing   [Groups] Back to home page 
[Register] Register / 
[Login] Login 
webcontentdeploydirectory and relative path (contains ..)  XML
Forum Index -> Development
Author Message
obielkin



Joined: 25/03/2021 04:40:57
Messages: 3
Offline

It would be nice to have an option use relative path in webcontentdeploydirectory property of .ccproject file (e.g.)

Code:
webcontentdeploydirectory="${project}/../Build/CC"


Motivation: the .ccpoject file is under version control and is use by several team members (different OS, paths etc.). As a workaround is to pass that path from outside of the .ccproject file (e.g. environment variable; I saw similar post in that forum, but syntaxes ${env.variable-name} didn't work for me also).

Investigation:
The code above (e.g. webcontentdeploydirectory with ..) leads to the situation, when deploy ignores webcontentdirectory directory completely (i.e. nothing from webcontentdirectory is copying to webcontentdeploydirectory, but deploycopyinfo instructions works correctly).
If I try to copy webcontentdirectory manually
Code:
     <deploycopyinfo
             fromdir="${project}/webcontent"
             todir="${projectdeploy}">
     </deploycopyinfo>
 

I catch deploy time exception

Caused by: org.eclnt.util.valuemgmt.FileNameValidatesSecurityRuleError: File name not allowed - it contains ".."-sequence.
at org.eclnt.util.valuemgmt.ValueManager.approveFileName(ValueManager.java:2477)
at org.eclnt.util.file.FileManager.writeFile(FileManager.java:533) 


Can provide complete .ccproject file in case of necessity
CaptainCasa

Power User
[Avatar]

Joined: 21/11/2007 12:23:06
Messages: 5510
Offline

Hi,

in our central "FileManager" we have this protection for not writing files with ".." inside... that seems to be the only issue against what you propose. We did this check for security reasons (you know: there might be e.g. a function to upload content and passing a file-name: by adding "../../../" the user might try to place a file in a directory which is not considered at all by the application processing...).

We can overcome this in the editor by directly transferring the "../"-directory into some real directory name without "../" which then is used internally.

Should not be a big problem, I expect this function to be part of next Monday's update.

Thanks! + Best wishes to you!
Björn

Björn Müller, CaptainCasa GmbH
 
Forum Index -> Development
Go to:   
Powered by JForum 2.1.6 © JForum Team