--- a/part/part.cpp
+++ b/part/part.cpp
@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo
if (!job->error()) {
const ArchiveEntry& entry =
m_model->entryForIndex(m_view->selectionModel()->currentIndex());
- const QString fullName =
- m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
+
+ QString fullName =
+ m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString();
+
+ // Make sure a maliciously crafted archive with parent folders named ".." do
+ // not cause the previewed file path to be located outside the temporary
+ // directory, resulting in a directory traversal issue.
+ fullName.remove(QLatin1String("../"));
+
ArkViewer::view(fullName, widget());
} else {
KMessageBox::error(widget(), job->errorString());
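Review bot: `fullName.remove(QLatin1String("../"))` does not guarantee a path inside the preview directory: it deletes substrings in a single pass, so the characters on either side of a removed match can join into a fresh `../`, and it also rewrites the `m_previewDir->name()` prefix and any legitimate entry name that happens to contain that sequence. Normalising the path and checking containment before calling `ArkViewer::view()` is more reliable, as sketched below (it needs `<QDir>`; `QDir::cleanPath` does not resolve symlinks, so `QFileInfo::canonicalFilePath()` may be the better choice if the extracted tree can contain them). This slot appears to run after the extraction job has finished, so if the job itself honours `..` components the file may already have been written outside the temporary directory; that would need a check on the extraction side, which is not visible here. The body of `slotPreviewExtracted` starts and ends outside the hunk.

```cpp
// … unchanged: entry lookup via m_model->entryForIndex(...) …
const QString previewRoot =
    QDir::cleanPath(m_previewDir->name()) + QLatin1Char('/');
const QString fullName =
    QDir::cleanPath(previewRoot + entry[FileName].toString());

// Open the file only if the normalised path is still below the preview directory.
if (fullName.startsWith(previewRoot)) {
    ArkViewer::view(fullName, widget());
} else {
    // report the rejected entry name to the user instead of opening it
}
```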