transfers: Don't allow a received file to be saved outside of the

transfer folder.

Since relative paths are valid for GFiles, we need to make sure
they resolve as descendants of the incoming transfer folder.

src/transfers.py

@@ -4,6 +4,7 @@
 import logging
 import stat
 import shutil
+import gettext
 
 from gi.repository import GLib, Gio, GObject
 
@@ -12,6 +13,8 @@
 import prefs
 import warp_pb2
 
+_ = gettext.gettext
+
 FILE_INFOS = ",".join([
     "standard::size",
     "standard::allocated-size",
@@ -164,6 +167,7 @@ class FileReceiver(GObject.Object):
     def __init__(self, op):
         super(FileReceiver, self).__init__()
         self.save_path = prefs.get_save_path()
+        self.save_path_file = Gio.File.new_for_path(self.save_path)
         self.op = op
         self.preserve_perms = prefs.preserve_permissions() and util.save_folder_is_native_fs()
         self.preserve_timestamp = prefs.preserve_timestamp() and util.save_folder_is_native_fs()
@@ -208,6 +212,9 @@ def receive_data(self, s):
 
         if not self.current_gfile:
             self.current_gfile = Gio.File.new_for_path(path)
+            # Check for valid path (GFile resolves paths upon creation).
+            if self.save_path_file.get_relative_path(self.current_gfile) is None:
+                raise Exception(_("Resolved path is not valid: %s -> %s") % (path, self.current_gfile.get_path()))
 
         if s.file_type == FileType.DIRECTORY:
             os.makedirs(path, exist_ok=True)