Signed-off-by: lvgenggeng <lvgenggeng@uniontech.com> (cherry picked from commit 353d0a2d6b6b6264e7373fb7e69869e4cd981918)
From 369eebe936e4a8c83cc54662a3412ce8bef189e4 Mon Sep 17 00:00:00 2001
From: Kevin Hendricks <kevin.b.hendricks@icloud.com>
Date: Wed, 26 Jun 2019 14:33:01 -0400
Subject: [PATCH 1/1] do not allow zip files to have upward relative path
sections
---
src/Importers/ImportEPUB.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/Importers/ImportEPUB.cpp b/src/Importers/ImportEPUB.cpp
index 722815ad4..501f49f8e 100644
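--- a/src/Importers/ImportEPUB.cpp
+++ b/src/Importers/ImportEPUB.cpp
@@ -424,6 +424,14 @@ void ImportEPUB::ExtractContainer()
 
 // If there is no file name then we can't do anything with it.
 if (!qfile_name.isEmpty()) {
+
+ // for security reasons we need the file path to always be inside the
+ // target folder and not outside, so we will remove all relative upward
+ // paths segments ".." from the file path before prepending the target
+ // folder to create the final target path
+ qfile_name = qfile_name.replace("../","");
+ cp437_file_name = cp437_file_name.replace("../","");
+
 // We use the dir object to create the path in the temporary directory.
 // Unfortunately, we need a dir ojbect to do this as it's not a static function.
 QDir dir(m_ExtractedFolderPath);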
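Review bot: The two `replace("../","")` calls make a single pass over the name, so removing one match can join the characters on either side of it into a fresh `../`, and the resulting path may still resolve outside `m_ExtractedFolderPath`; backslash separators and absolute names are not touched at all. Instead of rewriting the archive name, resolve the final path after the `QDir dir(m_ExtractedFolderPath);` line and reject the entry when it is not contained in the target folder, e.g. `const QString target = QDir::cleanPath(dir.absoluteFilePath(qfile_name));` followed by `if (!target.startsWith(QDir::cleanPath(m_ExtractedFolderPath) + "/")) { /* skip the entry or fail the import */ }`. Silent rewriting also maps distinct archive names onto the same output file, so rejecting and logging the entry is easier to reason about. ExtractContainer() starts and ends outside this hunk, so how the final path is assembled from `qfile_name` and `cp437_file_name`, and how an error is reported there, needs to be confirmed against the full function.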
--
2.20.1