Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Issue 453 #454

Closed
wants to merge 1 commit into from
Closed
Changes from all commits
Commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.

Always

Just for now

Fix Issue

Fix issue 453
  • Loading branch information...
Proteas committed May 16, 2018
commit a431f782569c7dacbf58d2b72b0b80e71d2c81fe
@@ -53,6 +53,7 @@ typedef NS_ENUM(NSInteger, SSZipArchiveErrorCode) {
toDestination:(NSString *)destination
preserveAttributes:(BOOL)preserveAttributes
overwrite:(BOOL)overwrite
security:(BOOL)security
password:(nullable NSString *)password
error:(NSError * *)error
delegate:(nullable id<SSZipArchiveDelegate>)delegate;
@@ -73,6 +74,7 @@ typedef NS_ENUM(NSInteger, SSZipArchiveErrorCode) {
toDestination:(NSString *)destination
preserveAttributes:(BOOL)preserveAttributes
overwrite:(BOOL)overwrite
security:(BOOL)security
nestedZipLevel:(NSInteger)nestedZipLevel
password:(nullable NSString *)password
error:(NSError **)error
@@ -157,12 +157,12 @@ + (BOOL)unzipFileAtPath:(NSString *)path toDestination:(NSString *)destination

+ (BOOL)unzipFileAtPath:(NSString *)path toDestination:(NSString *)destination overwrite:(BOOL)overwrite password:(nullable NSString *)password error:(NSError **)error
{
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:overwrite password:password error:error delegate:nil progressHandler:nil completionHandler:nil];
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:overwrite security:YES password:password error:error delegate:nil progressHandler:nil completionHandler:nil];
}

+ (BOOL)unzipFileAtPath:(NSString *)path toDestination:(NSString *)destination delegate:(nullable id<SSZipArchiveDelegate>)delegate
{
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:YES password:nil error:nil delegate:delegate progressHandler:nil completionHandler:nil];
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:YES security:YES password:nil error:nil delegate:delegate progressHandler:nil completionHandler:nil];
}

+ (BOOL)unzipFileAtPath:(NSString *)path
@@ -172,7 +172,7 @@ + (BOOL)unzipFileAtPath:(NSString *)path
error:(NSError **)error
delegate:(nullable id<SSZipArchiveDelegate>)delegate
{
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:overwrite password:password error:error delegate:delegate progressHandler:nil completionHandler:nil];
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:overwrite security:YES password:password error:error delegate:delegate progressHandler:nil completionHandler:nil];
}

+ (BOOL)unzipFileAtPath:(NSString *)path
@@ -182,45 +182,48 @@ + (BOOL)unzipFileAtPath:(NSString *)path
progressHandler:(void (^)(NSString *entry, unz_file_info zipInfo, long entryNumber, long total))progressHandler
completionHandler:(void (^)(NSString *path, BOOL succeeded, NSError * _Nullable error))completionHandler
{
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:overwrite password:password error:nil delegate:nil progressHandler:progressHandler completionHandler:completionHandler];
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:overwrite security:YES password:password error:nil delegate:nil progressHandler:progressHandler completionHandler:completionHandler];
}

+ (BOOL)unzipFileAtPath:(NSString *)path
toDestination:(NSString *)destination
progressHandler:(void (^_Nullable)(NSString *entry, unz_file_info zipInfo, long entryNumber, long total))progressHandler
completionHandler:(void (^_Nullable)(NSString *path, BOOL succeeded, NSError * _Nullable error))completionHandler
{
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:YES password:nil error:nil delegate:nil progressHandler:progressHandler completionHandler:completionHandler];
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:YES overwrite:YES security:YES password:nil error:nil delegate:nil progressHandler:progressHandler completionHandler:completionHandler];
}

+ (BOOL)unzipFileAtPath:(NSString *)path
toDestination:(NSString *)destination
preserveAttributes:(BOOL)preserveAttributes
overwrite:(BOOL)overwrite
security:(BOOL)security
password:(nullable NSString *)password
error:(NSError * *)error
delegate:(nullable id<SSZipArchiveDelegate>)delegate
{
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:preserveAttributes overwrite:overwrite password:password error:error delegate:delegate progressHandler:nil completionHandler:nil];
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:preserveAttributes overwrite:overwrite security:security password:password error:error delegate:delegate progressHandler:nil completionHandler:nil];
}

+ (BOOL)unzipFileAtPath:(NSString *)path
toDestination:(NSString *)destination
preserveAttributes:(BOOL)preserveAttributes
overwrite:(BOOL)overwrite
security:(BOOL)security
password:(nullable NSString *)password
error:(NSError **)error
delegate:(nullable id<SSZipArchiveDelegate>)delegate
progressHandler:(void (^_Nullable)(NSString *entry, unz_file_info zipInfo, long entryNumber, long total))progressHandler
completionHandler:(void (^_Nullable)(NSString *path, BOOL succeeded, NSError * _Nullable error))completionHandler
{
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:preserveAttributes overwrite:overwrite nestedZipLevel:0 password:password error:error delegate:delegate progressHandler:progressHandler completionHandler:completionHandler];
return [self unzipFileAtPath:path toDestination:destination preserveAttributes:preserveAttributes overwrite:overwrite security:security nestedZipLevel:0 password:password error:error delegate:delegate progressHandler:progressHandler completionHandler:completionHandler];
}

+ (BOOL)unzipFileAtPath:(NSString *)path
toDestination:(NSString *)destination
preserveAttributes:(BOOL)preserveAttributes
overwrite:(BOOL)overwrite
security:(BOOL)security
nestedZipLevel:(NSInteger)nestedZipLevel
password:(nullable NSString *)password
error:(NSError **)error
@@ -376,6 +379,26 @@ + (BOOL)unzipFileAtPath:(NSString *)path
free(filename);
continue;
}

if (security && fileIsSymbolicLink) {
// ignoring item: symbolic link
NSLog(@"[SSZipArchive] Security Ignore Item (Symbolic Link)");

This comment has been minimized.

Copy link
@acton393

acton393 May 16, 2018

I don't think it is good to using NSLog directly to print things.

unzCloseCurrentFile(zip);
ret = unzGoToNextFile(zip);
free(filename);
continue;
}

BOOL hasDirTraversal = [strPath rangeOfString:@".."].location != NSNotFound;
if (security && hasDirTraversal) {
// ignoring item: directory traversal
NSLog(@"[SSZipArchive] Security Ignore Item (Dir Traversal): %@", strPath);
unzCloseCurrentFile(zip);
ret = unzGoToNextFile(zip);
free(filename);
continue;
}

if (!strPath.length) {
// if filename data is unsalvageable, we default to currentFileNumber
strPath = @(currentFileNumber).stringValue;
@@ -460,6 +483,7 @@ + (BOOL)unzipFileAtPath:(NSString *)path
toDestination:fullPath.stringByDeletingLastPathComponent
preserveAttributes:preserveAttributes
overwrite:overwrite
security:security
nestedZipLevel:nestedZipLevel - 1
password:password
error:nil
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.