Remove slashes from entry name when interpreting it as path (!37) · Merge requests · Frameworks / KNewStuff

Alexander Lohnau requested to merge work/fix_install_slashes into master Aug 23, 2020

While this fixes the bug I am also really worried that without this patch you could go up to the path and install files elsewhere on the system. Having a user defined name interpreted as a path without any checks seems IMO like a big security risk.

@ngraham @leinir

Remove slashes from entry name when interpreting it as path

Merge request reports