Skip to content

Commit

Permalink
0.7.2
Browse files Browse the repository at this point in the history
  • Loading branch information
@guzba
guzba committed Oct 5, 2021
1 parent 228a6e1 commit a35f414
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 1 deletion.
5 changes: 5 additions & 0 deletions src/zippy/tarballs.nim
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,11 @@ proc extractAll*(
ZippyError,
"Extracting paths starting with `..` is not supported (" & path & ")"
)
if "/../" in path or r"\..\" in path:
raise newException(
ZippyError,
"Extracting paths containing `/../` is not supported (" & path & ")"
)

case entry.kind:
of ekNormalFile:
Expand Down
5 changes: 5 additions & 0 deletions src/zippy/ziparchives.nim
View file
Original file line number Diff line number Diff line change
Expand Up @@ -479,6 +479,11 @@ proc extractAll*(
ZippyError,
"Extracting paths starting with `..` is not supported (" & path & ")"
)
if "/../" in path or r"\..\" in path:
raise newException(
ZippyError,
"Extracting paths containing `/../` is not supported (" & path & ")"
)

case entry.kind:
of ekDirectory:
Expand Down
2 changes: 1 addition & 1 deletion zippy.nimble
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
version = "0.7.1"
version = "0.7.2"
author = "Ryan Oldenburg"
description = "Pure Nim implementation of deflate, zlib, gzip and zip."
license = "MIT"
Expand Down

0 comments on commit a35f414

Please sign in to comment.