From ba93efa911b05eaf421e95674eb5d6efc121dc5e Mon Sep 17 00:00:00 2001
From: Reinhard Pointner <reinhard.pointner@gmail.com>
Date: Sun, 18 Mar 2018 18:24:29 +0700
Subject: [PATCH] Always use canonical file path for application folder paths

---
 source/net/filebot/ApplicationFolder.java       | 17 +++++++++++++++--
 .../filebot/format/SecureCompiledScript.java    |  2 +-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/source/net/filebot/ApplicationFolder.java b/source/net/filebot/ApplicationFolder.java
index 8c2f17a9..6859e77a 100644
--- a/source/net/filebot/ApplicationFolder.java
+++ b/source/net/filebot/ApplicationFolder.java
@@ -1,8 +1,13 @@
 package net.filebot;
 
+import static net.filebot.Logging.*;
 import static net.filebot.Settings.*;
 
 import java.io.File;
+import java.io.IOException;
+import java.nio.file.LinkOption;
+import java.nio.file.Paths;
+import java.util.logging.Level;
 
 public enum ApplicationFolder {
 
@@ -15,10 +20,18 @@ public enum ApplicationFolder {
 
 	Cache(System.getProperty("application.cache", AppData.resolve("cache").getPath()));
 
-	private final File path;
+	private File path;
 
 	ApplicationFolder(String path) {
-		this.path = new File(path);
+		try {
+			// use canonical file path
+			this.path = Paths.get(path).toRealPath(LinkOption.NOFOLLOW_LINKS).toFile();
+		} catch (IOException e) {
+			debug.log(Level.WARNING, e, e::toString);
+
+			// default to file path as is
+			this.path = new File(path).getAbsoluteFile();
+		}
 	}
 
 	public File get() {
diff --git a/source/net/filebot/format/SecureCompiledScript.java b/source/net/filebot/format/SecureCompiledScript.java
index b18e33a8..af62af68 100644
--- a/source/net/filebot/format/SecureCompiledScript.java
+++ b/source/net/filebot/format/SecureCompiledScript.java
@@ -59,7 +59,7 @@ public class SecureCompiledScript extends CompiledScript {
 
 		// write permissions for cache and temp folders
 		for (ApplicationFolder it : ApplicationFolder.values()) {
-			permissions.add(new FilePermission(it.get().getAbsolutePath() + File.separator + "-", "read, write, delete"));
+			permissions.add(new FilePermission(it.get() + File.separator + "-", "read, write, delete"));
 		}
 
 		return permissions;