1 parent ea7f27d commit 369eebeCopy full SHA for 369eebe
src/Importers/ImportEPUB.cpp
@@ -424,6 +424,14 @@ void ImportEPUB::ExtractContainer()
424
425
// If there is no file name then we can't do anything with it.
426
if (!qfile_name.isEmpty()) {
427
+
428
+ // for security reasons we need the file path to always be inside the
429
+ // target folder and not outside, so we will remove all relative upward
430
+ // paths segments ".." from the file path before prepending the target
431
+ // folder to create the final target path
432
+ qfile_name = qfile_name.replace("../","");
433
+ cp437_file_name = cp437_file_name.replace("../","");
434
435
// We use the dir object to create the path in the temporary directory.
436
// Unfortunately, we need a dir ojbect to do this as it's not a static function.
437
QDir dir(m_ExtractedFolderPath);
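Review bot: The two `replace("../","")` calls make a single, non-recursive pass, so they do not guarantee a name free of upward segments: deleting one match can join the characters on either side of it into a fresh `../`, and these lines handle neither backslash-separated segments nor absolute entry names. A containment check on the resolved path is more robust than stripping substrings: after `QDir dir(m_ExtractedFolderPath);`, compute `const QString target = QDir::cleanPath(dir.absoluteFilePath(qfile_name));` and reject the entry unless `target.startsWith(QDir::cleanPath(m_ExtractedFolderPath) + "/")`, with the same test applied to the `cp437_file_name` variant. Silently rewriting the name also means a malformed archive extracts to a different path than the one its manifest references, so failing or at least logging the entry may be preferable to continuing. As a smaller point, `QString::replace` already modifies the string in place, so the self-assignment is redundant. The body of ExtractContainer continues outside the hunk, so how a rejected entry should be reported is not visible here.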