forked from forgejo/forgejo
Vendor Update Go Libs (#13444)
* denisenkom/go-mssqldb untagged -> v0.9.0 * github.com/editorconfig/editorconfig-core-go v2.3.7 -> v2.3.8 * github.com/go-testfixtures/testfixtures v3.4.0 -> v3.4.1 * github.com/mholt/archiver v3.3.2 -> v3.5.0 * github.com/olivere/elastic v7.0.20 -> v7.0.21 * github.com/urfave/cli v1.22.4 -> v1.22.5 * github.com/xanzy/go-gitlab v0.38.1 -> v0.39.0 * github.com/yuin/goldmark-meta untagged -> v1.0.0 * github.com/ethantkoenig/rupture 0a76f03a811a -> c3b3b810dc77 * github.com/jaytaylor/html2text 8fb95d837f7d -> 3577fbdbcff7 * github.com/kballard/go-shellquote cd60e84ee657 -> 95032a82bc51 * github.com/msteinert/pam 02ccfbfaf0cc -> 913b8f8cdf8b * github.com/unknwon/paginater 7748a72e0141 -> 042474bd0eae * CI.restart() Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
6543
GitHub
parent
eebaa81f43
commit
30ce3731a1
184 changed files with 12387 additions and 2975 deletions
19
vendor/github.com/mholt/archiver/v3/rar.go
generated
vendored
19
vendor/github.com/mholt/archiver/v3/rar.go
generated
vendored
|
|
@ -40,6 +40,10 @@ type Rar struct {
|
|||
// especially on extraction.
|
||||
ImplicitTopLevelFolder bool
|
||||
|
||||
// Strip number of leading paths. This feature is available
|
||||
// only during unpacking of the entire archive.
|
||||
StripComponents int
|
||||
|
||||
// If true, errors encountered during reading
|
||||
// or writing a single file will be logged and
|
||||
// the operation will continue on remaining files.
|
||||
|
|
@ -66,7 +70,7 @@ func (*Rar) CheckPath(to, filename string) error {
|
|||
dest := filepath.Join(to, filename)
|
||||
//prevent path traversal attacks
|
||||
if !strings.HasPrefix(dest, to) {
|
||||
return fmt.Errorf("illegal file path: %s", filename)
|
||||
return &IllegalPathError{AbsolutePath: dest, Filename: filename}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
@ -105,7 +109,7 @@ func (r *Rar) Unarchive(source, destination string) error {
|
|||
break
|
||||
}
|
||||
if err != nil {
|
||||
if r.ContinueOnError || strings.Contains(err.Error(), "illegal file path") {
|
||||
if r.ContinueOnError || IsIllegalPathError(err) {
|
||||
log.Printf("[ERROR] Reading file in rar archive: %v", err)
|
||||
continue
|
||||
}
|
||||
|
|
@ -168,6 +172,17 @@ func (r *Rar) unrarNext(to string) error {
|
|||
return fmt.Errorf("checking path traversal attempt: %v", errPath)
|
||||
}
|
||||
|
||||
if r.StripComponents > 0 {
|
||||
if strings.Count(header.Name, "/") < r.StripComponents {
|
||||
return nil // skip path with fewer components
|
||||
}
|
||||
|
||||
for i := 0; i < r.StripComponents; i++ {
|
||||
slash := strings.Index(header.Name, "/")
|
||||
header.Name = header.Name[slash+1:]
|
||||
}
|
||||
}
|
||||
|
||||
return r.unrarFile(f, filepath.Join(to, header.Name))
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue