https://github.com/sanluan/PublicCMS/issues/13

Unsafe Unzip bug fix
sanluan · Jun 28, 2018 · f5e6eae · f5e6eae
1 parent 5d6b25a
commit f5e6eae
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/publiccms-parent/publiccms-common/src/main/java/com/publiccms/common/tools/ZipUtils.java b/publiccms-parent/publiccms-common/src/main/java/com/publiccms/common/tools/ZipUtils.java
@@ -144,11 +144,15 @@ public static void unzip(String zipFilePath, String targetPath, boolean overwrit
         if (null != entryEnum) {
             while (entryEnum.hasMoreElements()) {
                 ZipEntry zipEntry = entryEnum.nextElement();
+                String filePath = zipEntry.getName();
+                if (filePath.contains("..")) {
+                    filePath = filePath.replace("..", BLANK);
+                }
                 if (zipEntry.isDirectory()) {
-                    File dir = new File(targetPath + File.separator + zipEntry.getName());
+                    File dir = new File(targetPath + File.separator + filePath);
                     dir.mkdirs();
                 } else {
-                    File targetFile = new File(targetPath + File.separator + zipEntry.getName());
+                    File targetFile = new File(targetPath + File.separator + filePath);
                     if (!targetFile.exists() || overwrite) {
                         targetFile.getParentFile().mkdirs();
                         try (InputStream inputStream = zipFile.getInputStream(zipEntry);