Shikong/Clash.Meta
1
0
Fork 0
mirror of https://gitclone.com/github.com/MetaCubeX/Clash.Meta synced 2025-05-24 02:48:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: disallow symlink in unzip

Browse Source
This commit is contained in:
wwqgtxx 2025-05-19 23:42:39 +08:00
parent 608ddb1b44
commit ed42c4feb8
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
component/updater/update_ui.go
View File

@ -224,10 +224,14 @@ func unzip(src, dest string) (string, error) {
if !strings.HasPrefix(fpath, filepath.Clean(dest)+string(os.PathSeparator)) {
return "", fmt.Errorf("invalid file path: %s", fpath)
}
if f.FileInfo().IsDir() {
info := f.FileInfo()
if info.IsDir() {
os.MkdirAll(fpath, os.ModePerm)
continue
}
if info.Mode()&os.ModeSymlink != 0 {
continue // disallow symlink
}
if err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm); err != nil {
return "", err
}