Commit 369eebe

do not allow zip files to have upward relative path sections
1 parent ea7f27d commit 369eebe

1 file changed

+8
-0
lines changed

Diff for: src/Importers/ImportEPUB.cpp

@@ -424,6 +424,14 @@ void ImportEPUB::ExtractContainer()
424424

425425
// If there is no file name then we can't do anything with it.
426426
if (!qfile_name.isEmpty()) {
427+
428+
// for security reasons we need the file path to always be inside the
429+
// target folder and not outside, so we will remove all relative upward
430+
// paths segments ".." from the file path before prepending the target
431+
// folder to create the final target path
432+
qfile_name = qfile_name.replace("../","");
433+
cp437_file_name = cp437_file_name.replace("../","");
434+
427435
// We use the dir object to create the path in the temporary directory.
428436
// Unfortunately, we need a dir ojbect to do this as it's not a static function.
429437
QDir dir(m_ExtractedFolderPath);
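
Review bot: the single-pass `replace("../","")` on `qfile_name` and `cp437_file_name` does not guarantee that the result is free of upward segments, because deleting one occurrence can splice the characters around it into a new `../` and the replacement is not repeated until the string stops changing. The filter also only matches the forward-slash form, so a backslash-separated segment or an absolute entry name passes through unchanged. Rather than rewriting the name, consider building the final target path from `m_ExtractedFolderPath` and the entry name, normalising it with `QDir::cleanPath`, and then checking that the result still begins with `m_ExtractedFolderPath` followed by a separator; an entry that fails the check should be skipped or reported as an error instead of being silently extracted under a different name. Minor: "paths segments" in the new comment should read "path segments".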
