diff options
| author | stonedDiscord <10584181+stonedDiscord@users.noreply.github.com> | 2020-11-16 14:49:28 +0100 |
|---|---|---|
| committer | stonedDiscord <10584181+stonedDiscord@users.noreply.github.com> | 2020-11-16 14:49:28 +0100 |
| commit | 548eae95f27fc2dbd94f66bdba0d2d4aa0c4082b (patch) | |
| tree | f9024b2f41cfbef91d10cfa6bd3d3da682c8850f /src/path_functions.cpp | |
| parent | 10298230ce72c6b00336fb0ca099ba747d4cb421 (diff) | |
filter path traversal
Diffstat (limited to 'src/path_functions.cpp')
| -rw-r--r-- | src/path_functions.cpp | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/path_functions.cpp b/src/path_functions.cpp index 4d5a2919..b1d79762 100644 --- a/src/path_functions.cpp +++ b/src/path_functions.cpp @@ -101,15 +101,19 @@ QString AOApplication::get_evidence_path(QString p_file) QString AOApplication::get_case_sensitive_path(QString p_file) { + QFileInfo file(p_file); + QString file_basename = file.fileName(); + + // no path traversal above base folder + if (!(file.absolutePath().startsWith(get_base_path()))) + return get_base_path() + file_basename; + #ifdef CASE_SENSITIVE_FILESYSTEM // first, check to see if it's actually there (also serves as base case for // recursion) if (exists(p_file)) return p_file; - QFileInfo file(p_file); - - QString file_basename = file.fileName(); QString file_parent_dir = get_case_sensitive_path(file.absolutePath()); // second, does it exist in the new parent dir? |