Commit 57268e51 authored by Paolo Bacchilega

Path traversal vulnerability

Do not extract files with relative paths.

[bug #794337]
parent 1659a14e
......@@ -1079,7 +1079,7 @@ sanitize_filename (const char *file_name)
prefix_len = 0;
for (p = file_name; *p; ) {
if (ISDOT (p[0]) && ISDOT (p[1]) && (ISSLASH (p[2]) || !p[2]))
prefix_len = p + 2 - file_name;
return NULL;
do {
char c = *p++;
......
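Review bot: the `return NULL;` under the `ISDOT (p[0]) && ISDOT (p[1]) && (ISSLASH (p[2]) || !p[2])` test means sanitize_filename can now hand NULL back to its callers, and nothing in this hunk shows a caller checking for it. This rendering has lost its +/- markers, so I am reading `return NULL;` as the added line and `prefix_len = p + 2 - file_name;` as the removed one. Please confirm that every call site treats NULL as "skip this entry" rather than passing it on to a path join or an open call, and document the NULL return in the function's comment. With that assignment gone, `prefix_len` is only ever set to 0 in the lines shown; if nothing outside the hunk still writes it, the variable and any later code that skips a prefix can be removed.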