Diffstat (limited to 'src/plugins/fs/download.c')
-rw-r--r--src/plugins/fs/download.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/plugins/fs/download.c b/src/plugins/fs/download.c
index 2ee8becf..6698b329 100644
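--- a/src/plugins/fs/download.c
+++ b/src/plugins/fs/download.c
@@ -420,6 +420,7 @@ void displayDownloadComplete(const struct ECRS_URI * uri,
 GtkTreePath * path;
 struct ECRS_URI * u;
 char *dirPath;
+char *dotdot;
 
 pos = head;
 while (pos != NULL) {
@@ -527,6 +528,12 @@ void displayDownloadComplete(const struct ECRS_URI * uri,
 }
 fnURL[len] = 0;
 
+/* avoid directory traversal */
+while(dotdot = strstr("../")) {
+dotdot[0] = '_';
+dotdot[1] = '_';
+}
+
 /* If the file was downloaded before, fnURL is a symlink to
 dstFile */
 if ((READLINK(fnURL, dummy, 1) == -1) && (errno == EINVAL)) {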
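Review bot: `strstr("../")` at new line 532 is called with only the needle, so the loop never searches a buffer and will not compile with the standard prototype in scope; the haystack is presumably `fnURL`, which is terminated just above, giving `while ((dotdot = strstr(fnURL, "../")) != NULL) {`. Even with that fix the filter only matches `..` followed by `/`, so a trailing `..` component, or a backslash separator on platforms that accept one, passes through unchanged; checking whole path components, or verifying that the resolved path stays under the download directory, would be sturdier. If `fnURL` also holds the locally configured directory prefix (not visible in this hunk), the scan should start after that prefix so a legitimate `../` in the user's own path is not rewritten. The body of displayDownloadComplete starts and ends outside the hunk.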