diff --git a/src/Application/.gitignore b/src/Application/.gitignore
index 625a1607..cfb76a57 100644
--- a/src/Application/.gitignore
+++ b/src/Application/.gitignore
@@ -1,6 +1,9 @@
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
+# Local configuration file for developers
+ src/Application/src/RazorPagesTestSample/config.json
+
 # User-specific files
 *.suo
 *.user
diff --git a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
index 2e6d94bb..c0b7ae51 100644
--- a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
+++ b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
@@ -95,6 +95,13 @@ public async Task OnPostAnalyzeMessagesAsync()
 public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
 {
 string destFileName = Path.Combine(destDirectory, entry.FullName);
+
+ // Ensure the destination file is within the destination directory
+ if (!destFileName.StartsWith(destDirectory, StringComparison.OrdinalIgnoreCase))
+ {
+ throw new InvalidOperationException("Entry is outside the target dir: " + entry.FullName);
+ }
+
 entry.ExtractToFile(destFileName);
 }
 }
diff --git a/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj b/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj
index a66e0a92..a0f5f511 100644
--- a/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj
+++ b/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj
@@ -13,7 +13,7 @@ - +
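Review bot: The added pattern `src/Application/src/RazorPagesTestSample/config.json` is resolved relative to the directory that holds this .gitignore (`src/Application/`), so it points at `src/Application/src/Application/src/RazorPagesTestSample/config.json` and most likely does not ignore the developer config at all. If that file carries local secrets or connection settings, it can still be staged and committed by accident. The entry should read `src/RazorPagesTestSample/config.json`. The space after `+` may be an artifact of how this page was rendered, but if the line really begins with a space it should be dropped, since git does not strip leading whitespace from a pattern. Running `git check-ignore -v` on the file confirms whether the rule takes effect.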
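Review bot: The new `StartsWith` guard in `WriteToDirectory` compares un-normalized strings, so it does not reject the entries it is meant to reject: `Path.Combine` leaves `..` segments in place, and a `destFileName` built from such an entry name still begins with `destDirectory`. The prefix test also has no trailing separator, so a sibling directory whose name merely starts with the same characters passes, and `OrdinalIgnoreCase` widens the match further on case-sensitive file systems. Both paths should go through `Path.GetFullPath` before the comparison, with the root terminated by `Path.DirectorySeparatorChar` and compared with `StringComparison.Ordinal`, as sketched below. A unit test that feeds an entry whose name contains a parent-directory segment and expects `InvalidOperationException` would pin the behaviour.

```csharp
public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
{
    // Canonicalize the root and end it with a separator so the prefix test is a directory test.
    string destRoot = Path.GetFullPath(destDirectory);
    if (!destRoot.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
    {
        destRoot += Path.DirectorySeparatorChar;
    }

    // GetFullPath resolves "." and ".." segments before the comparison.
    string destFileName = Path.GetFullPath(Path.Combine(destRoot, entry.FullName));
    if (!destFileName.StartsWith(destRoot, StringComparison.Ordinal))
    {
        throw new InvalidOperationException("Entry is outside the target dir: " + entry.FullName);
    }
    // … unchanged: entry.ExtractToFile(destFileName) …
```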