Backend: Upgrade dependencies and fix potential issues

Michael Mayer
2021-05-04 17:30:39 +02:00
parent c4f6ab8809
commit 50d2ff1e69
4 changed files with 12 additions and 3 deletions


@@ -73,8 +73,8 @@ func Unzip(src, dest string) (fileNames []string, err error) {
defer r.Close()
for _, f := range r.File {
// Skip directories like __OSX
if strings.HasPrefix(f.Name, "__") {
// Skip directories like __OSX and potentially malicious file names containing "..".
if strings.HasPrefix(f.Name, "__") || strings.Contains(f.Name, "..") {
continue
}
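Review bot: The new condition `strings.Contains(f.Name, "..")` is a substring denylist rather than a path-containment check: it also skips harmless entries whose names merely contain two consecutive dots (constructed example: `IMG..0001.jpg`), and it does not establish that the final destination stays inside `dest`. I would test the joined path instead, `p := filepath.Join(dest, f.Name)` followed by `if !strings.HasPrefix(p, filepath.Clean(dest)+string(os.PathSeparator)) { continue }`, or confirm that the extraction call further down the loop already does this; that call is outside the hunk. Entries rejected here are dropped silently, so a log line or a returned error would let an operator see that an uploaded archive carried suspicious names. The loop body and the rest of `Unzip` continue outside the hunk.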