File tree Expand file tree Collapse file tree 4 files changed +12
-6
lines changed
tests/RazorPagesTestSample.Tests Expand file tree Collapse file tree 4 files changed +12
-6
lines changed Original file line number Diff line number Diff line change 11
22.DS_Store
3+
4+ # Local configuration file for developers
5+ src /Application /src /RazorPagesTestSample /config.json
6+
Original file line number Diff line number Diff line change @@ -94,7 +94,13 @@ public async Task<IActionResult> OnPostAnalyzeMessagesAsync()
9494
9595 public static void WriteToDirectory ( ZipArchiveEntry entry , string destDirectory )
9696 {
97- string destFileName = Path . Combine ( destDirectory , entry . FullName ) ;
97+ string destFileName = Path . GetFullPath ( Path . Combine ( destDirectory , entry . FullName ) ) ;
98+
99+ if ( ! destFileName . StartsWith ( destDirectory , StringComparison . OrdinalIgnoreCase ) )
100+ {
101+ throw new InvalidOperationException ( "Entry is outside of the target directory." ) ;
102+ }
103+
98104 entry . ExtractToFile ( destFileName ) ;
99105 }
100106 }
Load Diff This file was deleted.
Original file line number Diff line number Diff line change 1313 <PackageReference Include =" Microsoft.EntityFrameworkCore.InMemory" Version =" 8.0.3"
1414 <PackageReference Include =" Microsoft.NET.Test.Sdk" Version =" 17.9.0"
1515 <PackageReference Include =" Moq" Version =" 4.20.70"
16- <PackageReference Include =" Newtonsoft.Json" Version =" 11 .0.2 "
16+ <PackageReference Include =" Newtonsoft.Json" Version =" 13 .0.3 "
1717 <PackageReference Include =" System.Diagnostics.TraceSource" Version =" 4.3.0"
1818 <PackageReference Include =" System.Net.Http" Version =" 4.3.4"
1919 <PackageReference Include =" xunit" Version =" 2.7.0"
You can’t perform that action at this time.
0 commit comments