addressed Unzip zip-slip-vulnerability

closes #2098
fuel · Jul 18, 2018 · 95945e1 · 95945e1
1 parent 0a7931b
commit 95945e1
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/classes/unzip.php b/classes/unzip.php
@@ -129,9 +129,16 @@ public function extract($zip_file, $target_dir = NULL, $preserve_filepath = TRUE
 				continue;
 			}
 
-			$file_locations[] = $file_location = $this->_target_dir . '/' . ($preserve_filepath ? $file : basename($file));
-
-			$this->_extract_file($file, $file_location);
+			$file_location = realpath($this->_target_dir . '/' . ($preserve_filepath ? $file : basename($file)));
+			if ($file_location and strpos($file_location, $this->_target_dir) === 0)
+			{
+				$file_locations[] = $file_location;
+				$this->_extract_file($file, $file_location);
+			}
+			else
+			{
+				throw new \FuelException('ZIP file attempted to use the zip-slip-vulnerability. Extraction aborted.');
+			}
 		}
 
 		return $file_locations;