GitLab

In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"

In case of conflict in i18n, keep the version of the branch "ours"
To resolve a particular conflict, "git checkout --ours path/to/file.desktop"

(cherry picked from commit 4438db46)

unique_ptr has an `operator bool`, so they are not needed.

There are archive types which allow to first create a symlink and then
later on dereference it. If the symlink points outside of the archive,
this results in writing outside of the destination directory.

With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids
this situation by verifying that none of the target path components are
symlinks before writing.

Remove the commented out code in the method, which would actually
misbehave if enabled again.
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>

Add comment explaining what extractSelectedFilesTo is used for.
Slightly tweak error message.

- No need to stat the url we get from QFileDialog::getSaveFileUrl, if it
  already exists the dialog should show the "do you want to overwrite?"
  message to the user on its own; also no need to check for isValid, the
  dialog will return valid urls, AFAICS
- KIO::file_copy will check if the src url exists ...etc, we don't have
  to do that manually; also make the job async, and re-use the custom error
  messages where possible

Fix timestamp comparison test fail after QT5.11 by Switchng to QDatetime comparison instead of QString. 5.11 variant changed QDateTime toString fromat to ISODateWithMs

It's been commented since 68e58f5d from 13 years ago.

In BatchExtract, use QUrl::fromLocalFile to construct a url with the
file:// scheme, so that the destination dir can be opened after the
extraction is finished.

Bump minimum KF version to 5.71 as that's where OpenUrlJob was introduced.

(cherry picked from commit 6104ad1c)

Ark was vulnerable to directory traversal attacks because of
missing validation of file paths in the archive.

More details about this attack are available at:
https://github.com/snyk/zip-slip-vulnerability

Job::onEntry() is the only place where we can safely check the path of
every entry in the archive. There shouldn't be a valid reason
to have a "../" in an archive path, so we can just play safe and abort
the LoadJob if we detect such an entry. This makes impossibile to
extract this kind of malicious archives and perform the attack.

Thanks to Albert Astals Cid for suggesting to use QDir::cleanPath()
so that we can still allow loading of legitimate archives that
contain "../" in their paths but still resolve inside the extraction folder.