Only allow path::Component::Normal when extracting

Previously, Component::Root and Component::Prefix where still allowed. This meant some files could be extracted to a location outside the current directory. Only safe components are Normal and Curdir, but since Curdir does not do anything we filter it aswell. Resolves #27
2017-02-12 17:05:21 +01:00 · 2017-02-12 17:05:21 +01:00 · 88445219ec
commit 88445219ec
parent 089f7a89e7
1 changed files with 4 additions and 1 deletions
--- a/examples/extract.rs
+++ b/examples/extract.rs
@ -89,7 +89,10 @@ fn sanitize_filename(filename: &str) -> std::path::PathBuf

    std::path::Path::new(no_null_filename)
        .components()
-        .filter(|component| *component != std::path::Component::ParentDir)
+        .filter(|component| match *component {
+            std::path::Component::Normal(..) => true,
+            _ => false
+        })
        .fold(std::path::PathBuf::new(), |mut path, ref cur| {
            path.push(cur.as_os_str());
            path