From 897428c794ba00a150127bec522128c507ee946c Mon Sep 17 00:00:00 2001
From: C. Scott Ananian <cscott@laptop.org>
Date: Fri, 26 Sep 2008 04:47:35 +0000
Subject: Trac #8674: sanity-check bundle root; don't delete install_root on failure.

The software updater was deleting ~/Activities when it encountered a bad
bundle.  Two separate issues:  we didn't sanity check the bundle root to
ensure it wasn't '.' or '..' or something crazy like that, and our "clean
up on failure" code was deleting the install_root instead of the activity
root (!).  This was a regression introduced by the fix for #7733 in
commit db2d1c42e2481d6dbc15405840ac23e46eab7318 (0.82.2).
---
(limited to 'src')

diff --git a/src/sugar/bundle/bundle.py b/src/sugar/bundle/bundle.py
index 0319b9e..e9bd9f8 100644
--- a/src/sugar/bundle/bundle.py
+++ b/src/sugar/bundle/bundle.py
@@ -86,6 +86,9 @@ class Bundle:
             del file_names[0]
 
         self._zip_root_dir = file_names[0].split('/')[0]
+        if self._zip_root_dir.startswith('.'):
+            raise MalformedBundleException(
+                'root directory starts with .')
         if self._unzipped_extension is not None:
             (name_, ext) = os.path.splitext(self._zip_root_dir)
             if ext != self._unzipped_extension:
@@ -162,7 +165,8 @@ class Bundle:
         if os.spawnlp(os.P_WAIT, 'unzip', 'unzip', '-o', self._path,
                       '-x', 'mimetype', '-d', install_dir):
             # clean up install dir after failure
-            shutil.rmtree(install_dir, ignore_errors=True)
+            shutil.rmtree(os.path.join(install_dir, self._zip_root_dir),
+                          ignore_errors=True)
             # indicate failure.
             raise ZipExtractException
 
--
cgit v0.9.1