react-native-update 7.3.2 → 7.4.0-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -16,40 +16,6 @@ public class SafeZipFile extends ZipFile {
|
|
|
16
16
|
super(file);
|
|
17
17
|
}
|
|
18
18
|
|
|
19
|
-
@Override
|
|
20
|
-
public Enumeration<? extends ZipEntry> entries() {
|
|
21
|
-
return new SafeZipEntryIterator(super.entries());
|
|
22
|
-
}
|
|
23
|
-
|
|
24
|
-
private static class SafeZipEntryIterator implements Enumeration<ZipEntry> {
|
|
25
|
-
|
|
26
|
-
final private Enumeration<? extends ZipEntry> delegate;
|
|
27
|
-
|
|
28
|
-
private SafeZipEntryIterator(Enumeration<? extends ZipEntry> delegate) {
|
|
29
|
-
this.delegate = delegate;
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
@Override
|
|
33
|
-
public boolean hasMoreElements() {
|
|
34
|
-
return delegate.hasMoreElements();
|
|
35
|
-
}
|
|
36
|
-
|
|
37
|
-
@Override
|
|
38
|
-
public ZipEntry nextElement() {
|
|
39
|
-
ZipEntry entry = delegate.nextElement();
|
|
40
|
-
if (null != entry) {
|
|
41
|
-
String name = entry.getName();
|
|
42
|
-
/**
|
|
43
|
-
* avoid ZipperDown
|
|
44
|
-
*/
|
|
45
|
-
if (null != name && (name.contains("../") || name.contains("..\\"))) {
|
|
46
|
-
throw new SecurityException("illegal entry: " + entry.getName());
|
|
47
|
-
}
|
|
48
|
-
}
|
|
49
|
-
return entry;
|
|
50
|
-
}
|
|
51
|
-
}
|
|
52
|
-
|
|
53
19
|
public void unzipToFile(ZipEntry entry, File output) throws IOException {
|
|
54
20
|
InputStream inputStream = null;
|
|
55
21
|
try {
|
|
@@ -63,6 +29,11 @@ public class SafeZipFile extends ZipFile {
|
|
|
63
29
|
}
|
|
64
30
|
|
|
65
31
|
private void writeOutInputStream(File file, InputStream inputStream) throws IOException {
|
|
32
|
+
// https://support.google.com/faqs/answer/9294009
|
|
33
|
+
String canonicalPath = file.getCanonicalPath();
|
|
34
|
+
if (!canonicalPath.startsWith(UpdateContext.getRootDir())) {
|
|
35
|
+
throw new SecurityException("illegal entry: " + file.getName());
|
|
36
|
+
}
|
|
66
37
|
BufferedOutputStream output = null;
|
|
67
38
|
try {
|
|
68
39
|
output = new BufferedOutputStream(
|
|
@@ -19,13 +19,14 @@ import java.io.File;
|
|
|
19
19
|
|
|
20
20
|
public class UpdateContext {
|
|
21
21
|
private Context context;
|
|
22
|
-
private File rootDir;
|
|
22
|
+
private static File rootDir;
|
|
23
23
|
private Executor executor;
|
|
24
24
|
|
|
25
25
|
public static boolean DEBUG = false;
|
|
26
26
|
private static ReactInstanceManager mReactInstanceManager;
|
|
27
27
|
private static boolean isUsingBundleUrl = false;
|
|
28
28
|
|
|
29
|
+
|
|
29
30
|
public UpdateContext(Context context) {
|
|
30
31
|
this.context = context;
|
|
31
32
|
this.executor = Executors.newSingleThreadExecutor();
|
|
@@ -49,7 +50,7 @@ public class UpdateContext {
|
|
|
49
50
|
}
|
|
50
51
|
}
|
|
51
52
|
|
|
52
|
-
public String getRootDir() {
|
|
53
|
+
public static String getRootDir() {
|
|
53
54
|
return rootDir.toString();
|
|
54
55
|
}
|
|
55
56
|
|
package/lib/main.js
CHANGED
|
@@ -138,7 +138,7 @@ export async function checkUpdate(APPKEY, isRetry) {
|
|
|
138
138
|
});
|
|
139
139
|
} catch (e) {
|
|
140
140
|
if (isRetry) {
|
|
141
|
-
throw new Error('
|
|
141
|
+
throw new Error('无法连接更新服务器,请检查网络连接后重试');
|
|
142
142
|
}
|
|
143
143
|
await tryBackupEndpoints(APPKEY);
|
|
144
144
|
return checkUpdate(APPKEY, true);
|
|
@@ -227,7 +227,7 @@ export async function downloadUpdate(options, eventListeners) {
|
|
|
227
227
|
} catch (e) {
|
|
228
228
|
progressHandler && progressHandler.remove();
|
|
229
229
|
report(options.hash, 'error');
|
|
230
|
-
|
|
230
|
+
throw e;
|
|
231
231
|
}
|
|
232
232
|
}
|
|
233
233
|
} else if (options.pdiffUrl) {
|
|
@@ -240,7 +240,7 @@ export async function downloadUpdate(options, eventListeners) {
|
|
|
240
240
|
} catch (e) {
|
|
241
241
|
progressHandler && progressHandler.remove();
|
|
242
242
|
report(options.hash, 'error');
|
|
243
|
-
|
|
243
|
+
throw e;
|
|
244
244
|
}
|
|
245
245
|
}
|
|
246
246
|
setLocalHashInfo(options.hash, {
|
package/lib/simpleUpdate.js
CHANGED
|
@@ -36,7 +36,7 @@ export function simpleUpdate(WrappedComponent) {
|
|
|
36
36
|
this.checkUpdate();
|
|
37
37
|
}
|
|
38
38
|
componentWillUnmount() {
|
|
39
|
-
this.stateListener.remove();
|
|
39
|
+
this.stateListener && this.stateListener.remove();
|
|
40
40
|
}
|
|
41
41
|
doUpdate = async (info) => {
|
|
42
42
|
try {
|
|
@@ -44,7 +44,7 @@ export function simpleUpdate(WrappedComponent) {
|
|
|
44
44
|
if (!hash) {
|
|
45
45
|
return;
|
|
46
46
|
}
|
|
47
|
-
this.stateListener.remove();
|
|
47
|
+
this.stateListener && this.stateListener.remove();
|
|
48
48
|
Alert.alert('提示', '下载完毕,是否立即更新?', [
|
|
49
49
|
{
|
|
50
50
|
text: '以后再说',
|
|
@@ -94,7 +94,7 @@ export function simpleUpdate(WrappedComponent) {
|
|
|
94
94
|
},
|
|
95
95
|
},
|
|
96
96
|
]);
|
|
97
|
-
} else {
|
|
97
|
+
} else if (info.update) {
|
|
98
98
|
Alert.alert(
|
|
99
99
|
'提示',
|
|
100
100
|
'检查到新的版本' + info.name + ',是否下载?\n' + info.description,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "react-native-update",
|
|
3
|
-
"version": "7.
|
|
3
|
+
"version": "7.4.0-beta.0",
|
|
4
4
|
"description": "react-native hot update",
|
|
5
5
|
"main": "lib/index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -28,6 +28,6 @@
|
|
|
28
28
|
},
|
|
29
29
|
"homepage": "https://github.com/reactnativecn/react-native-pushy#readme",
|
|
30
30
|
"dependencies": {
|
|
31
|
-
"nanoid": "^3.1.
|
|
31
|
+
"nanoid": "^3.1.30"
|
|
32
32
|
}
|
|
33
33
|
}
|