Update message related to potential path traversal attack

dimagi · Jan 20, 2023 · 9f6fb4d · 9f6fb4d
1 parent 2a8b2ea
commit 9f6fb4d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/app/assets/locales/android_translatable_strings.txt b/app/assets/locales/android_translatable_strings.txt
@@ -285,7 +285,7 @@ mult.install.bad=The selected ZIP file is not valid. Please choose a valid zip f
 mult.install.progress.baddest=Couldn't write multimedia to the local filesystem at: ${0}
 mult.install.progress.badentry=There was a bad entry in the zip file: ${0}
 mult.install.progress.errormoving=There was a problem copying the multimedia from the zip file, please try again.
-mult.install.progress.invalid.entry=The path of the entry ${0} doesn't match the parent folder, review the content of the ZIP file and try again!
+mult.install.progress.invalid.ccz=The selected CCZ file is invalid, please review its content and try again!
 
 mult.install.prompt=From here you can install your app multimedia from a ZIP file on the local filesystem
 mult.install.button=Install Multimedia

diff --git a/app/src/org/commcare/tasks/UnzipTask.java b/app/src/org/commcare/tasks/UnzipTask.java
@@ -87,7 +87,7 @@ private Integer unZipFromStream(ZipInputStream zis, String destinationPath) {
                 String outputCanonicalPath = entryOutput.getCanonicalPath();
                 // Check if the entry path aligns with the destination folder
                 if (!outputCanonicalPath.startsWith(destCanonicalPath)) {
-                    throw new SecurityException(Localization.get("mult.install.progress.invalid.entry", new String[]{entry.getName()}));
+                    throw new SecurityException(Localization.get("mult.install.progress.invalid.ccz"));
                 }
 
                 if (entry.isDirectory()) {