Commit 4c665d91 authored by xjm's avatar xjm

SA-CORE-2021-001 by larowlan, stephenacrossri, siliconmeadow, mcdruid, xjm,...

SA-CORE-2021-001 by larowlan, stephenacrossri, siliconmeadow, mcdruid, xjm, vijaycs85, mlhess, greggles
parent 11210a3a
......@@ -2178,6 +2178,14 @@ public function _extractList(
}
}
} elseif ($v_header['typeflag'] == "2") {
if (strpos(realpath(dirname($v_header['link'])), realpath($p_path)) !== 0) {
$this->_error(
'Out-of-path file extraction {'
. $v_header['filename'] . ' --> ' .
$v_header['link'] . '}'
);
return false;
}
if (!$p_symlinks) {
$this->_warning('Symbolic links are not allowed. '
. 'Unable to extract {'
......
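Review bot: The containment test added at `strpos(realpath(dirname($v_header['link'])), realpath($p_path)) !== 0` is a raw string-prefix comparison, so a resolved target in a sibling directory whose name merely begins with the extraction path (`/srv/out-old` against `/srv/out`, a constructed example) is accepted as in-path. The results of `realpath()` are also never checked for `false`: a missing link directory is rejected only through string coercion, and on PHP 8 an unresolvable `$p_path` becomes an empty needle, for which `strpos()` returns 0, so the check would pass. I would resolve both paths once, fail closed on `false`, and compare with a trailing `DIRECTORY_SEPARATOR` on each side, as in the excerpt below. Separately, a relative `link` appears to be resolved against the process working directory rather than the directory the symlink will be created in; whether that is intended depends on code outside this hunk, since `_extractList` starts and ends outside it.

```php
} elseif ($v_header['typeflag'] == "2") {
    // Resolve once; realpath() returns false when the path does not exist.
    $v_base = realpath($p_path);
    $v_target = realpath(dirname($v_header['link']));
    // Compare whole path components, not a bare string prefix.
    if ($v_base === false || $v_target === false
        || strpos(
            $v_target . DIRECTORY_SEPARATOR,
            rtrim($v_base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR
        ) !== 0
    ) {
        // … unchanged: _error('Out-of-path file extraction …') and return false …
    }
    // … unchanged: $p_symlinks check …
```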