[Modify]修改压缩路径遍历问题
This commit is contained in:
wushaocheng
35
app/proguard-rules.pro
vendored
35
app/proguard-rules.pro
vendored
@@ -435,25 +435,14 @@
|
||||
-dontwarn com.amap.**
|
||||
|
||||
|
||||
-keep class com.zego.**{*;}
|
||||
-keep class com.mango.plugin.**{*;}
|
||||
|
||||
-keep class android.support.v8.renderscript.** { *; }
|
||||
-keep class androidx.renderscript.** { *; }
|
||||
|
||||
-keep class com.google.android.gms.common.ConnectionResult {
|
||||
int SUCCESS;
|
||||
}
|
||||
-keep class com.google.android.gms.ads.identifier.AdvertisingIdClient {
|
||||
com.google.android.gms.ads.identifier.AdvertisingIdClient$Info getAdvertisingIdInfo(android.content.Context);
|
||||
}
|
||||
-keep class com.google.android.gms.ads.identifier.AdvertisingIdClient$Info {
|
||||
java.lang.String getId();
|
||||
boolean isLimitAdTrackingEnabled();
|
||||
}
|
||||
|
||||
## Appsflyer
|
||||
-keep class com.appsflyer.** { *; }
|
||||
-dontwarn com.android.installreferrer
|
||||
|
||||
## easypermissions
|
||||
-keepclassmembers class * {
|
||||
@@ -469,11 +458,21 @@
|
||||
-keep interface com.yalantis.ucrop.** { *; }
|
||||
|
||||
## BannerViewPage
|
||||
-keep class androidx.recyclerview.widget.**{*;}
|
||||
-keep class androidx.viewpager2.widget.**{*;}
|
||||
-keep class androidx.recyclerview.widget.** { *; }
|
||||
-keep class androidx.viewpager2.widget.** { *; }
|
||||
|
||||
## Adust SDK
|
||||
-keep public class com.adjust.sdk.**{ *; }
|
||||
## Adjust
|
||||
-keep class com.adjust.sdk.** { *; }
|
||||
-keep class com.google.android.gms.common.ConnectionResult {
|
||||
int SUCCESS;
|
||||
}
|
||||
-keep class com.google.android.gms.ads.identifier.AdvertisingIdClient {
|
||||
com.google.android.gms.ads.identifier.AdvertisingIdClient$Info getAdvertisingIdInfo(android.content.Context);
|
||||
}
|
||||
-keep class com.google.android.gms.ads.identifier.AdvertisingIdClient$Info {
|
||||
java.lang.String getId();
|
||||
boolean isLimitAdTrackingEnabled();
|
||||
}
|
||||
-keep public class com.android.installreferrer.**{ *; }
|
||||
-keep class com.sec.android.app.samsungapps.installreferrer.**{ *; }
|
||||
-keep class com.miui.referrer.** {*;}
|
||||
|
||||
-keep public class * extends java.lang.Exception
|
||||
@@ -148,7 +148,7 @@
|
||||
如果 SDKOptions 中提供了,取 SDKOptions 中的值。
|
||||
-->
|
||||
<activity
|
||||
android:name="com.vele.peko.lineapi.LineAuthenticationCallbackActivity"
|
||||
android:name="com.vele.pekolive.lineapi.LineAuthenticationCallbackActivity"
|
||||
android:exported="true"
|
||||
android:launchMode="singleTask"
|
||||
android:noHistory="true">
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.vele.peko.lineapi;
|
||||
package com.vele.pekolive.lineapi;
|
||||
|
||||
import cn.sharesdk.line.LineHandlerActivity;
|
||||
|
||||
@@ -7,8 +7,8 @@ import androidx.collection.LongSparseArray;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.reflect.TypeToken;
|
||||
import com.yizhuan.xchat_android_core.R;
|
||||
import com.yizhuan.xchat_android_core.DemoCache;
|
||||
import com.yizhuan.xchat_android_core.R;
|
||||
import com.yizhuan.xchat_android_core.bean.response.ServiceResult;
|
||||
import com.yizhuan.xchat_android_core.initial.InitialModel;
|
||||
import com.yizhuan.xchat_android_core.initial.NobleResourceComponent;
|
||||
@@ -218,39 +218,40 @@ public class NobleDataManager {
|
||||
isRequesting = false;
|
||||
}
|
||||
}).flatMap(new Function<ResponseBody, SingleSource<Boolean>>() {
|
||||
@Override
|
||||
public SingleSource<Boolean> apply(ResponseBody responseBody) throws Exception {
|
||||
InputStream inputStream = responseBody.byteStream();
|
||||
if (inputStream == null) return Single.error(new Exception(ResUtil.getString(R.string.xchat_android_core_noble_nobledatamanager_01)));
|
||||
if (nobleZipPath.exists()) {
|
||||
// 删除旧的zip包
|
||||
nobleZipPath.delete();
|
||||
} else {
|
||||
// 创建其父目录
|
||||
if (!nobleZipPath.getParentFile().exists()) {
|
||||
nobleZipPath.getParentFile().mkdirs();
|
||||
@Override
|
||||
public SingleSource<Boolean> apply(ResponseBody responseBody) throws Exception {
|
||||
InputStream inputStream = responseBody.byteStream();
|
||||
if (inputStream == null)
|
||||
return Single.error(new Exception(ResUtil.getString(R.string.xchat_android_core_noble_nobledatamanager_01)));
|
||||
if (nobleZipPath.exists()) {
|
||||
// 删除旧的zip包
|
||||
nobleZipPath.delete();
|
||||
} else {
|
||||
// 创建其父目录
|
||||
if (!nobleZipPath.getParentFile().exists()) {
|
||||
nobleZipPath.getParentFile().mkdirs();
|
||||
}
|
||||
}
|
||||
OutputStream fileOutputStream = new FileOutputStream(nobleZipPath);
|
||||
byte[] bytes = new byte[1024];
|
||||
int read;
|
||||
while ((read = inputStream.read(bytes, 0, bytes.length)) != -1) {
|
||||
fileOutputStream.write(bytes, 0, read);
|
||||
}
|
||||
fileOutputStream.flush();
|
||||
fileOutputStream.close();
|
||||
inputStream.close();
|
||||
// 解压缩是否成功
|
||||
return Single.just(unzipNobleZipFile());
|
||||
}
|
||||
}
|
||||
OutputStream fileOutputStream = new FileOutputStream(nobleZipPath);
|
||||
byte[] bytes = new byte[1024];
|
||||
int read;
|
||||
while ((read = inputStream.read(bytes, 0, bytes.length)) != -1) {
|
||||
fileOutputStream.write(bytes, 0, read);
|
||||
}
|
||||
fileOutputStream.flush();
|
||||
fileOutputStream.close();
|
||||
inputStream.close();
|
||||
// 解压缩是否成功
|
||||
return Single.just(unzipNobleZipFile());
|
||||
}
|
||||
}).observeOn(AndroidSchedulers.mainThread()).subscribe(new Consumer<Boolean>() {
|
||||
@Override
|
||||
public void accept(Boolean aBoolean) throws Exception {
|
||||
if (!aBoolean) return;
|
||||
IMNetEaseManager.get().getChatRoomEventObservable()
|
||||
.onNext(new RoomEvent().setEvent(RoomEvent.ON_NOBLE_CAN_USE));
|
||||
}
|
||||
});
|
||||
}).observeOn(AndroidSchedulers.mainThread()).subscribe(new Consumer<Boolean>() {
|
||||
@Override
|
||||
public void accept(Boolean aBoolean) throws Exception {
|
||||
if (!aBoolean) return;
|
||||
IMNetEaseManager.get().getChatRoomEventObservable()
|
||||
.onNext(new RoomEvent().setEvent(RoomEvent.ON_NOBLE_CAN_USE));
|
||||
}
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
@@ -305,6 +306,7 @@ public class NobleDataManager {
|
||||
BufferedInputStream bis = new BufferedInputStream(zis);
|
||||
//输出路径(文件夹目录)
|
||||
String parent = nobleRootDir.getAbsolutePath() + "/" + onlineVersion;
|
||||
String parentPre = new File(parent).getCanonicalPath();
|
||||
File file;
|
||||
ZipEntry entry;
|
||||
while ((entry = zis.getNextEntry()) != null) {
|
||||
@@ -321,6 +323,9 @@ public class NobleDataManager {
|
||||
continue;
|
||||
}
|
||||
file = new File(parent, entry.getName());
|
||||
if (!file.getCanonicalPath().startsWith(parentPre)) {
|
||||
throw new SecurityException();
|
||||
}
|
||||
if (!file.exists()) {
|
||||
(new File(file.getParent())).mkdirs();
|
||||
} else if (file.exists() && file.isFile() && file.length() > 0) {
|
||||
@@ -399,7 +404,7 @@ public class NobleDataManager {
|
||||
.observeOn(AndroidSchedulers.mainThread());
|
||||
}
|
||||
|
||||
public File getUserLevelPath(){
|
||||
public File getUserLevelPath() {
|
||||
return userLevelPath;
|
||||
}
|
||||
|
||||
|
||||
@@ -753,6 +753,7 @@ public class DynamicFaceModel extends BaseModel implements IDynamicFaceModel {
|
||||
BufferedInputStream bis = new BufferedInputStream(zis);
|
||||
//输出路径(文件夹目录)
|
||||
String parent = facesRootDir.getAbsolutePath() + "/" + faceListInfo.getVersion();
|
||||
String parentPre = new File(parent).getCanonicalPath();
|
||||
File file;
|
||||
ZipEntry entry;
|
||||
while ((entry = zis.getNextEntry()) != null) {
|
||||
@@ -768,6 +769,9 @@ public class DynamicFaceModel extends BaseModel implements IDynamicFaceModel {
|
||||
continue;
|
||||
}
|
||||
file = new File(parent, entry.getName());
|
||||
if (!file.getCanonicalPath().startsWith(parentPre)) {
|
||||
throw new SecurityException();
|
||||
}
|
||||
if (!file.exists()) {
|
||||
(new File(file.getParent())).mkdirs();
|
||||
} else if (file.exists() && file.isFile() && file.length() > 0) {
|
||||
|
||||
Reference in New Issue
Block a user