security updates

Admin user · Admin user · commit b4ee2d9d68e7 · 2024-09-11T13:31:11.000+01:00
diff --git a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
@@ -94,22 +94,14 @@ public async Task<IActionResult> OnPostAnalyzeMessagesAsync()
 
      
         
-        public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
-        {
-            // Get the full path of the destination file
-            string destFileName = Path.Combine(destDirectory, entry.FullName);
-        
-            // Ensure the destination directory exists
-            Directory.CreateDirectory(Path.GetDirectoryName(destFileName));
-        
-            // Check if the destination file path is within the intended directory
-            if (!destFileName.StartsWith(Path.GetFullPath(destDirectory), StringComparison.OrdinalIgnoreCase))
-            {
-                throw new InvalidOperationException("Attempt to extract file outside of the destination directory.");
-            }
-        
-            // Extract the file
-            entry.ExtractToFile(destFileName, overwrite: true);
-        }
+ public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
+ {
+     string destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.FullName));
+     string fullDestDirPath = Path.GetFullPath(destDirectory + Path.DirectorySeparatorChar);
+     if (!destFileName.StartsWith(fullDestDirPath)) {
+         throw new System.InvalidOperationException("Entry is outside the target dir: " + destFileName);
+     }
+     entry.ExtractToFile(destFileName);
+ }
     }
 }
