This should probably just explicitly check for ./ instead and not increment the nesting level in that case. This implementation is broken in a different way (paths of a specific archive, e.g. the SD archive, will be able to access anything inside the emulator folder, even outside the archive).
Yes, although to be fair that was already possible with your implementation, and checking for ./ doesn't really fix that. Also, checking for ./ isn't enough; what about paths like ///////../../../../../? The multiple forward slashes are also a potential problem, so you'd have to check for that too. Why not use a ready-made, safe, standard solution?
I think perhaps the change you want me to make is to make sure isSafePath checks the path is inside the current archive instead, which means taking another parameter for the archive directory we want to check for at any given time.
Yes, although to be fair that was already possible with your implementation
For example, /../file.txt is a safe path with the current implementation, as you add 1 for the forward slash, but that forward slash is just the base of the current archive path.
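One way to do the containment check discussed in this thread, as an added example that is not code from this pull request: it uses `std::filesystem` to normalise the path lexically and then verifies, component by component, that the result is still under the archive directory. The name `isInsideArchive` and the sample directory are hypothetical.

```cpp
#include <algorithm>
#include <filesystem>
#include <iostream>
#include <string>

namespace fs = std::filesystem;

// Hypothetical helper (not the PR's isSafePath): returns true only when
// guestPath, interpreted relative to archiveRoot, stays inside archiveRoot.
// The check is purely lexical: no disk access, symlinks are not resolved.
bool isInsideArchive(const fs::path& archiveRoot, const std::string& guestPath) {
    // A guest path is rooted at the archive, so any run of leading
    // separators means "archive root", never the host filesystem root.
    const auto start = guestPath.find_first_not_of("/\\");
    const std::string relative = (start == std::string::npos) ? "" : guestPath.substr(start);

    // Normalise the root and drop a trailing separator ("sd/" -> "sd").
    fs::path root = archiveRoot.lexically_normal();
    if (!root.has_filename()) root = root.parent_path();

    // Collapse ".", ".." and repeated separators in the joined path.
    const fs::path full = (root / relative).lexically_normal();

    // Compare component by component: every component of the root must be
    // a prefix of the result. A plain string prefix test would wrongly
    // accept a sibling such as "sd_backup" for the root "sd".
    const auto diff = std::mismatch(root.begin(), root.end(), full.begin(), full.end());
    return diff.first == root.end();
}

int main() {
    const fs::path sd = "/home/user/emulator/sd";  // constructed sample directory
    for (const char* p : {"/save/../file.txt", "./", "/../file.txt",
                          "///////../../../../../", "/../sd_backup/file.txt"}) {
        std::cout << p << " -> " << (isInsideArchive(sd, p) ? "inside" : "outside") << '\n';
    }
}
```

Because the check is lexical, a symlink inside the archive directory can still point outside it; where that matters, resolve both paths with `std::filesystem::weakly_canonical` before comparing.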
No description provided.