Mamanyonyo/atrooney-online-2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

filter path traversal

Browse Source
This commit is contained in:
stonedDiscord 2020-11-16 14:49:28 +01:00
parent 10298230ce
commit 548eae95f2
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/path_functions.cpp
View File

@ -101,15 +101,19 @@ QString AOApplication::get_evidence_path(QString p_file)
QString AOApplication::get_case_sensitive_path(QString p_file) QString AOApplication::get_case_sensitive_path(QString p_file)
{ {
QFileInfo file(p_file);
QString file_basename = file.fileName();
// no path traversal above base folder
if (!(file.absolutePath().startsWith(get_base_path())))
return get_base_path() + file_basename;
#ifdef CASE_SENSITIVE_FILESYSTEM #ifdef CASE_SENSITIVE_FILESYSTEM
// first, check to see if it's actually there (also serves as base case for // first, check to see if it's actually there (also serves as base case for
// recursion) // recursion)
if (exists(p_file)) if (exists(p_file))
return p_file; return p_file;
QFileInfo file(p_file);
QString file_basename = file.fileName();
QString file_parent_dir = get_case_sensitive_path(file.absolutePath()); QString file_parent_dir = get_case_sensitive_path(file.absolutePath());
// second, does it exist in the new parent dir? // second, does it exist in the new parent dir?