diff options
| author | Marco Nelissen <marcone@google.com> | 2009-05-06 11:08:08 -0700 |
|---|---|---|
| committer | Marco Nelissen <marcone@google.com> | 2009-05-06 11:09:55 -0700 |
| commit | 2da78c0877a7fa924f62cc76700f3da29c47f5ad (patch) | |
| tree | 2af9343ec4e9b8105a79805686fcd913c679b659 | |
| parent | 12dd4deb408b0e75bed5028308b4531c0d1ecda0 (diff) | |
Don't allow '/../' to be part of the path for delete file triggers.
| -rw-r--r-- | android/sqlite3_android.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/android/sqlite3_android.cpp b/android/sqlite3_android.cpp index 27334ef..3e11808 100644 --- a/android/sqlite3_android.cpp +++ b/android/sqlite3_android.cpp @@ -161,7 +161,11 @@ static void delete_file(sqlite3_context * context, int argc, sqlite3_value ** ar sqlite3_result_null(context); return; } - + if (strstr(path, "/../") != NULL) { + sqlite3_result_null(context); + return; + } + int err = unlink(path); if (err != -1) { // No error occured, return true |