github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 07:53:49 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Prevent arbitrary file write when decompressing files (#18421)

Browse Source 
* SECURITY: Prevent arbitrary file write when decompressing files
* FIX: Allow decompressing files into symlinked directories

Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
This commit is contained in:
Jarek Radosz
2022-09-29 20:00:38 +02:00
committed by GitHub
parent ae1e536e83
commit b27d5626d2
9 changed files with 175 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/compression/engine.rb
View File

@ -22,6 +22,6 @@ module Compression
@strategy = strategy
end
delegate :extension, :decompress, :compress, :strip_directory, to: :@strategy
delegate :extension, :decompress, :compress, to: :@strategy
end
end