mirror of
https://github.com/pocoproject/poco.git
synced 2024-12-13 18:45:10 +01:00
fixed #331: Poco::Zip does not support files with .. in the name.
This commit is contained in:
parent
6ddce4c9ff
commit
f09ed71a47
@ -90,7 +90,9 @@ public:
|
||||
FT_ASCII = 1
|
||||
};
|
||||
|
||||
static const std::string ILLEGAL_PATH;
|
||||
static bool isValidPath(const std::string& path);
|
||||
/// Checks whether the given path is valid (does
|
||||
/// not contain ".." path segments).
|
||||
};
|
||||
|
||||
|
||||
|
@ -192,8 +192,8 @@ void Compress::addDirectory(const Poco::Path& entryName, const Poco::DateTime& l
|
||||
throw ZipException("Illegal entry name /");
|
||||
if (fileStr.empty())
|
||||
throw ZipException("Illegal empty entry name");
|
||||
if (fileStr.find(ZipCommon::ILLEGAL_PATH) != std::string::npos)
|
||||
throw ZipException("Illegal entry name " + fileStr + " containing " + ZipCommon::ILLEGAL_PATH);
|
||||
if (!ZipCommon::isValidPath(fileStr))
|
||||
throw ZipException("Illegal entry name " + fileStr + " containing parent directory reference");
|
||||
|
||||
if (entryName.depth() > 1)
|
||||
{
|
||||
|
@ -81,8 +81,8 @@ bool Decompress::handleZipEntry(std::istream& zipStream, const ZipLocalFileHeade
|
||||
if (!_flattenDirs)
|
||||
{
|
||||
std::string dirName = hdr.getFileName();
|
||||
if (dirName.find(ZipCommon::ILLEGAL_PATH) != std::string::npos)
|
||||
throw ZipException("Illegal entry name " + dirName + " containing " + ZipCommon::ILLEGAL_PATH);
|
||||
if (!ZipCommon::isValidPath(dirName))
|
||||
throw ZipException("Illegal entry name " + dirName + " containing parent directory reference");
|
||||
Poco::Path dir(_outDir, dirName);
|
||||
dir.makeDirectory();
|
||||
Poco::File aFile(dir);
|
||||
@ -101,8 +101,8 @@ bool Decompress::handleZipEntry(std::istream& zipStream, const ZipLocalFileHeade
|
||||
fileName = p.getFileName();
|
||||
}
|
||||
|
||||
if (fileName.find(ZipCommon::ILLEGAL_PATH) != std::string::npos)
|
||||
throw ZipException("Illegal entry name " + fileName + " containing " + ZipCommon::ILLEGAL_PATH);
|
||||
if (!ZipCommon::isValidPath(fileName))
|
||||
throw ZipException("Illegal entry name " + fileName + " containing parent directory reference");
|
||||
|
||||
Poco::Path file(fileName);
|
||||
file.makeFile();
|
||||
|
@ -21,7 +21,20 @@ namespace Poco {
|
||||
namespace Zip {
|
||||
|
||||
|
||||
const std::string ZipCommon::ILLEGAL_PATH("..");
|
||||
bool ZipCommon::isValidPath(const std::string& path)
|
||||
{
|
||||
if (path == "..")
|
||||
return false;
|
||||
if (path.compare(0, 3, "../") == 0)
|
||||
return false;
|
||||
if (path.compare(0, 3, "..\\") == 0)
|
||||
return false;
|
||||
if (path.find("/..") != std::string::npos)
|
||||
return false;
|
||||
if (path.find("\\..") != std::string::npos)
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
} } // namespace Poco::Zip
|
||||
|
@ -176,8 +176,8 @@ void ZipUtil::verifyZipEntryFileName(const std::string& fn)
|
||||
throw ZipException("Illegal entry name /");
|
||||
if (fn.empty())
|
||||
throw ZipException("Illegal empty entry name");
|
||||
if (fn.find(ZipCommon::ILLEGAL_PATH) != std::string::npos)
|
||||
throw ZipException("Illegal entry name " + fn + " containing " + ZipCommon::ILLEGAL_PATH);
|
||||
if (!ZipCommon::isValidPath(fn))
|
||||
throw ZipException("Illegal entry name " + fn + " containing parent directory reference");
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user