Andrew/redot-engine
1
0
Fork 0
mirror of https://github.com/Redot-Engine/redot-engine.git synced 2025-12-06 15:21:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

Sanitize file paths before extracting export templates

Browse Source
This commit is contained in:
Ignacio Etcheverry
2019-02-28 00:25:55 +01:00
parent df7541d2f9
commit 8e98be5991
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
editor/export_template_manager.cpp
View File

@@ -270,7 +270,7 @@ bool ExportTemplateManager::_install_from_file(const String &p_file, bool p_use_
char fname[16384]; char fname[16384];
unzGetCurrentFileInfo(pkg, &info, fname, 16384, NULL, 0, NULL, 0); unzGetCurrentFileInfo(pkg, &info, fname, 16384, NULL, 0, NULL, 0);
String file_path(fname); String file_path(String(fname).simplify_path());
String file = file_path.get_file(); String file = file_path.get_file();
@@ -287,10 +287,10 @@ bool ExportTemplateManager::_install_from_file(const String &p_file, bool p_use_
unzReadCurrentFile(pkg, data.ptrw(), data.size()); unzReadCurrentFile(pkg, data.ptrw(), data.size());
unzCloseCurrentFile(pkg); unzCloseCurrentFile(pkg);
String base_dir = file_path.get_base_dir().trim_suffix("/").trim_suffix("\\"); String base_dir = file_path.get_base_dir().trim_suffix("/");
if (base_dir != contents_dir && base_dir.begins_with(contents_dir)) { if (base_dir != contents_dir && base_dir.begins_with(contents_dir)) {
base_dir = base_dir.substr(contents_dir.length(), file_path.length()).trim_prefix("/").trim_prefix("\\"); base_dir = base_dir.substr(contents_dir.length(), file_path.length()).trim_prefix("/");
file = base_dir.plus_file(file); file = base_dir.plus_file(file);
DirAccessRef da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM); DirAccessRef da = DirAccess::create(DirAccess::ACCESS_FILESYSTEM);