CLAassistant
commented
1 year ago
All committers have signed the CLA.
Open captain6541 opened 1 year ago
CLAassistant
commented
1 year ago
All committers have signed the CLA.
CLAassistant
commented
1 year ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
The File. getAbsolutePath() method obtains the file path without filtering ". or. ". There is a risk of cross path attacks. It is recommended to use getCannonicalPath() to obtain the absolute path.
https://developer.android.com/reference/java/io/File
File.getAbsolutePath()方法获取文件路径,没有过滤“.\或.\”,存在跨路径攻击风险,推荐使用getCannonicalPath() 获取绝对路径。