Fix directory traversal issue (CVE-2011-2725).
Tim Brown from Nth Dimension noticed a possible traversal issue where the previewer dialog would show (and then remove) the wrong file when a maliciously crafted archive had a file previewed. We now do the same thing as infozip and filter out "../" from the paths being previewed.
parent
9a46d8d3
Please register or sign in to comment