Update to 1.10.3

2020-08-09 21:34:52 +03:00
parent 5ff4fa4bc0
commit d3c06c25c8
80 changed files with 799 additions and 454 deletions
--- a/src/fileio.cpp
+++ b/src/fileio.cpp
@@ -25,6 +25,7 @@
 #endif
 #include <sys/stat.h>
 #include <algorithm>
+#include <sstream>

 #ifdef WITH_XDG_BASEDIR
 #include <basedir.h>
@@ -481,6 +482,28 @@ FILE *FioFOpenFile(const char *filename, const char *mode, Subdirectory subdir,
 		strecpy(resolved_name, filename, lastof(resolved_name));
 		strtolower(resolved_name);

+		/* Resolve ".." */
+		std::istringstream ss(resolved_name);
+		std::vector<std::string> tokens;
+		std::string token;
+		while (std::getline(ss, token, PATHSEPCHAR)) {
+			if (token == "..") {
+				if (tokens.size() < 2) return nullptr;
+				tokens.pop_back();
+			} else {
+				tokens.push_back(token);
+			}
+		}
+		resolved_name[0] = '\0';
+		bool first = true;
+		for (const std::string &token : tokens) {
+			if (!first) {
+				strecat(resolved_name, PATHSEP, lastof(resolved_name));
+			}
+			strecat(resolved_name, token.c_str(), lastof(resolved_name));
+			first = false;
+		}
+
 		size_t resolved_len = strlen(resolved_name);

 		/* Resolve ONE directory link */
@@ -906,7 +929,10 @@ bool ExtractTar(const char *tar_filename, Subdirectory subdir)
 	const char *dirname = (*it).second.dirname;

 	/* The file doesn't have a sub directory! */
-	if (dirname == nullptr) return false;
+	if (dirname == nullptr) {
+		DEBUG(misc, 1, "Extracting %s failed; archive rejected, the contents must be in a sub directory", tar_filename);
+		return false;
+	}

 	char filename[MAX_PATH];
 	strecpy(filename, tar_filename, lastof(filename));