DevComp/zip-rs-wasm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Changes from review

Browse source
This commit is contained in:
Zac Pullar-Strecker 2020-06-16 14:31:55 +12:00
parent 178699d2d5
commit f04e4f4a04
1 changed files with 3 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/read.rs
View file

@ -241,18 +241,14 @@ impl<R: Read + io::Seek> ZipArchive<R> {
/// # Platform-specific behaviour /// # Platform-specific behaviour
/// ///
/// On unix systems permissions from the zip file are preserved, if they exist. /// On unix systems permissions from the zip file are preserved, if they exist.
pub fn extract(&mut self, directory: &Path) -> ZipResult<()> { pub fn extract(&mut self, directory: &dyn AsRef<Path>) -> ZipResult<()> {
for i in 0..self.len() { for i in 0..self.len() {
let mut file = self.by_index(i)?; let mut file = self.by_index(i)?;
let filepath = file.sanitized_name(); let filepath = file.sanitized_name();
// `sanitized_name` should return a relative path let outpath = directory.as_ref().join(filepath);
// otherwise there's a risk of directory traversal attacks
assert!(filepath.is_relative());
let outpath = directory.join(filepath); if (file.name()).ends_with('/') {
if (&*file.name()).ends_with('/') {
fs::create_dir_all(&outpath)?; fs::create_dir_all(&outpath)?;
} else { } else {
if let Some(p) = outpath.parent() { if let Some(p) = outpath.parent() {