Skip to content

Commit

Permalink
util/archive: assume roblox's zip files are safe to use
Browse files Browse the repository at this point in the history 
may solve #69
  • Loading branch information
@apprehensions
apprehensions committed Jul 22, 2023
1 parent fc579cf commit 6b43966
Showing 1 changed file with 1 addition and 6 deletions.
7 changes: 1 addition & 6 deletions util/archive.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ package util

import (
"archive/zip"
"fmt"
"io"
"os"
"path/filepath"
Expand All @@ -18,11 +17,7 @@ func Unzip(source string, destDir string) error {

for _, file := range zip.File {
// Roblox's Zip Files have windows paths in them
filePath := filepath.Join(destDir, strings.ReplaceAll(file.Name, `\`, "/"))

if !strings.HasPrefix(filePath, filepath.Clean(destDir)+string(os.PathSeparator)) {
return fmt.Errorf("illegal file path: %s", filePath)
}
filePath := filepath.Join(destDir, filepath.Clean(strings.ReplaceAll(file.Name, `\`, "/")))

if file.FileInfo().IsDir() {
if err := os.MkdirAll(filePath, file.Mode()); err != nil {
Expand Down

0 comments on commit 6b43966

Please sign in to comment.