Bug 35291: Validate filepaths in linking files
Validate that the files in linking files are contained within the ZIP. Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
parent
9982fdf0d6
commit
1354a0b163
1 changed files with 6 additions and 1 deletions
|
@ -38,6 +38,7 @@ resized, maintaining aspect ratio.
|
|||
=cut
|
||||
|
||||
use Modern::Perl;
|
||||
use Cwd;
|
||||
|
||||
use File::Temp;
|
||||
use CGI qw ( -utf8 );
|
||||
|
@ -187,7 +188,11 @@ if ($fileID) {
|
|||
$filename =~ s/[\"\r\n]//g;
|
||||
$filename =~ s/^\s+//;
|
||||
$filename =~ s/\s+$//;
|
||||
my $srcimage = GD::Image->new("$dir/$filename");
|
||||
my $full_filename = Cwd::abs_path("$dir/$filename"); #Resolve any relative filepath references
|
||||
my $srcimage;
|
||||
if ( $full_filename =~ /^\Q$dir\E/ ){
|
||||
$srcimage = GD::Image->new($full_filename);
|
||||
}
|
||||
my $biblio;
|
||||
my $item;
|
||||
if ( defined $srcimage ) {
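Review bot: The containment check `$full_filename =~ /^\Q$dir\E/` is a bare prefix match, so a resolved path in a sibling directory whose name merely begins with the same characters as `$dir` still passes; anchoring on the separator closes that, e.g. `if ( defined $full_filename && $full_filename =~ /^\Q$dir\E\// ) {`. The `defined` guard is there because `Cwd::abs_path` can return undef for a path that does not resolve, which would otherwise reach the match as an uninitialized value. The comparison also assumes `$dir` is already canonical; it is set outside this hunk, and if it contains a symlink component every legitimate file would be rejected, so matching against `Cwd::abs_path($dir)` computed once is safer. A rejected entry is skipped silently here, and whether the `defined $srcimage` branch that follows reports it lies outside the hunk; a log line naming the rejected entry would make attempted traversal visible to administrators.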
|
||||
|
|