Commit 9393b0d8 authored by Elvis Angelaccio's avatar Elvis Angelaccio

Merge branch 'release/20.08'

parents 8d0bc65b 0df59252
......@@ -180,6 +180,14 @@ void Job::onError(const QString & message, const QString & details)
void Job::onEntry(Archive::Entry *entry)
{
const QString entryFullPath = entry->fullPath();
if (QDir::cleanPath(entryFullPath).contains(QLatin1String("../"))) {
qCWarning(ARK) << "Possibly malicious archive. Detected entry that could lead to a directory traversal attack:" << entryFullPath;
onError(i18n("Could not load the archive because it contains ill-formed entries and might be a malicious archive."), QString());
onFinished(false);
return;
}
emit newEntry(entry);
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment