react-native-update 7.4.0 → 7.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -16,6 +16,40 @@ public class SafeZipFile extends ZipFile {
|
|
|
16
16
|
super(file);
|
|
17
17
|
}
|
|
18
18
|
|
|
19
|
+
@Override
|
|
20
|
+
public Enumeration<? extends ZipEntry> entries() {
|
|
21
|
+
return new SafeZipEntryIterator(super.entries());
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
private static class SafeZipEntryIterator implements Enumeration<ZipEntry> {
|
|
25
|
+
|
|
26
|
+
final private Enumeration<? extends ZipEntry> delegate;
|
|
27
|
+
|
|
28
|
+
private SafeZipEntryIterator(Enumeration<? extends ZipEntry> delegate) {
|
|
29
|
+
this.delegate = delegate;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
@Override
|
|
33
|
+
public boolean hasMoreElements() {
|
|
34
|
+
return delegate.hasMoreElements();
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
@Override
|
|
38
|
+
public ZipEntry nextElement() {
|
|
39
|
+
ZipEntry entry = delegate.nextElement();
|
|
40
|
+
if (null != entry) {
|
|
41
|
+
String name = entry.getName();
|
|
42
|
+
/**
|
|
43
|
+
* avoid ZipperDown
|
|
44
|
+
*/
|
|
45
|
+
if (null != name && (name.contains("../") || name.contains("..\\"))) {
|
|
46
|
+
throw new SecurityException("illegal entry: " + entry.getName());
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
return entry;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
|
|
19
53
|
public void unzipToFile(ZipEntry entry, File output) throws IOException {
|
|
20
54
|
InputStream inputStream = null;
|
|
21
55
|
try {
|
|
@@ -29,11 +63,6 @@ public class SafeZipFile extends ZipFile {
|
|
|
29
63
|
}
|
|
30
64
|
|
|
31
65
|
private void writeOutInputStream(File file, InputStream inputStream) throws IOException {
|
|
32
|
-
// https://support.google.com/faqs/answer/9294009
|
|
33
|
-
String canonicalPath = file.getCanonicalPath();
|
|
34
|
-
if (!canonicalPath.startsWith(UpdateContext.getRootDir())) {
|
|
35
|
-
throw new SecurityException("illegal entry: " + file.getName());
|
|
36
|
-
}
|
|
37
66
|
BufferedOutputStream output = null;
|
|
38
67
|
try {
|
|
39
68
|
output = new BufferedOutputStream(
|
|
@@ -19,14 +19,13 @@ import java.io.File;
|
|
|
19
19
|
|
|
20
20
|
public class UpdateContext {
|
|
21
21
|
private Context context;
|
|
22
|
-
private
|
|
22
|
+
private File rootDir;
|
|
23
23
|
private Executor executor;
|
|
24
24
|
|
|
25
25
|
public static boolean DEBUG = false;
|
|
26
26
|
private static ReactInstanceManager mReactInstanceManager;
|
|
27
27
|
private static boolean isUsingBundleUrl = false;
|
|
28
28
|
|
|
29
|
-
|
|
30
29
|
public UpdateContext(Context context) {
|
|
31
30
|
this.context = context;
|
|
32
31
|
this.executor = Executors.newSingleThreadExecutor();
|
|
@@ -50,7 +49,7 @@ public class UpdateContext {
|
|
|
50
49
|
}
|
|
51
50
|
}
|
|
52
51
|
|
|
53
|
-
public
|
|
52
|
+
public String getRootDir() {
|
|
54
53
|
return rootDir.toString();
|
|
55
54
|
}
|
|
56
55
|
|
package/ios/pushy_build_time.txt
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
1654072539
|
package/lib/main.js
CHANGED
|
@@ -181,11 +181,7 @@ export async function downloadUpdate(options, eventListeners) {
|
|
|
181
181
|
}
|
|
182
182
|
if (downloadedHash === options.hash) {
|
|
183
183
|
logger(`duplicated downloaded hash ${downloadedHash}, ignored`);
|
|
184
|
-
return;
|
|
185
|
-
}
|
|
186
|
-
if (readyHash) {
|
|
187
|
-
logger(`hash ${readyHash} applied. reboot first`);
|
|
188
|
-
return;
|
|
184
|
+
return downloadedHash;
|
|
189
185
|
}
|
|
190
186
|
if (downloadingThrottling) {
|
|
191
187
|
logger('repeated downloading, ignored');
|
|
@@ -261,7 +257,6 @@ export async function downloadUpdate(options, eventListeners) {
|
|
|
261
257
|
return options.hash;
|
|
262
258
|
}
|
|
263
259
|
|
|
264
|
-
let readyHash;
|
|
265
260
|
function assertHash(hash) {
|
|
266
261
|
if (!downloadedHash) {
|
|
267
262
|
logger(`no downloaded hash`);
|
|
@@ -271,11 +266,6 @@ function assertHash(hash) {
|
|
|
271
266
|
logger(`use downloaded hash ${downloadedHash} first`);
|
|
272
267
|
return;
|
|
273
268
|
}
|
|
274
|
-
if (readyHash === hash) {
|
|
275
|
-
logger(`hash ${readyHash} already applied. reboot first.`);
|
|
276
|
-
return;
|
|
277
|
-
}
|
|
278
|
-
readyHash = hash;
|
|
279
269
|
return true;
|
|
280
270
|
}
|
|
281
271
|
|
package/package.json
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "react-native-update",
|
|
3
|
-
"version": "7.4.
|
|
3
|
+
"version": "7.4.3",
|
|
4
4
|
"description": "react-native hot update",
|
|
5
5
|
"main": "lib/index.js",
|
|
6
6
|
"scripts": {
|
|
7
|
+
"prepublish": "yarn submodule",
|
|
7
8
|
"submodule": "git submodule update --init --recursive",
|
|
8
9
|
"test": "echo \"Error: no test specified\" && exit 1",
|
|
9
10
|
"build-lib": "yarn submodule && $ANDROID_HOME/ndk/20.1.5948944/ndk-build NDK_PROJECT_PATH=android APP_BUILD_SCRIPT=android/jni/Android.mk NDK_APPLICATION_MK=android/jni/Application.mk NDK_LIBS_OUT=android/lib"
|