From 369eebe936e4a8c83cc54662a3412ce8bef189e4 Mon Sep 17 00:00:00 2001
From: Kevin Hendricks <kevin.b.hendricks@icloud.com>
Date: Wed, 26 Jun 2019 14:33:01 -0400
Subject: [PATCH 1/1] do not allow zip files to have upward relative path
 sections

---
 src/Importers/ImportEPUB.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Importers/ImportEPUB.cpp b/src/Importers/ImportEPUB.cpp
index 722815ad4..501f49f8e 100644
--- a/src/Importers/ImportEPUB.cpp
+++ b/src/Importers/ImportEPUB.cpp
@@ -424,6 +424,14 @@ void ImportEPUB::ExtractContainer()
 
             // If there is no file name then we can't do anything with it.
             if (!qfile_name.isEmpty()) {
+
+	        // for security reasons we need the file path to always be inside the 
+                // target folder and not outside, so we will remove all relative upward 
+                // paths segments ".." from the file path before prepending the target 
+                // folder to create the final target path
+	        qfile_name = qfile_name.replace("../","");
+                cp437_file_name = cp437_file_name.replace("../","");
+
                 // We use the dir object to create the path in the temporary directory.
                 // Unfortunately, we need a dir ojbect to do this as it's not a static function.
                 QDir dir(m_ExtractedFolderPath);
-- 
2.20.1