Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2026-03-04 02:20:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

zip and response issues (#5786)

Browse Source
This commit is contained in:
Anthony Stirling
2026-02-24 20:08:18 +00:00
committed by GitHub
parent 1f9b90ad57
commit abbd332909
4 changed files with 21 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/common/src/main/java/stirling/software/common/util/FileToPdf.java
View File

@@ -100,6 +100,11 @@ public class FileToPdf {
while (entry != null) {
Path filePath =
tempUnzippedDir.getPath().resolve(sanitizeZipFilename(entry.getName()));
Path normalizedTargetDir = tempUnzippedDir.getPath().toAbsolutePath().normalize();
Path normalizedFilePath = filePath.toAbsolutePath().normalize();
if (!normalizedFilePath.startsWith(normalizedTargetDir)) {
throw new IOException("Zip entry path escapes target directory: " + entry.getName());
}
if (!entry.isDirectory()) {
Files.createDirectories(filePath.getParent());
if (entry.getName().toLowerCase(Locale.ROOT).endsWith(".html")