Open omermircor opened 7 months ago
There was to avoid a specific vulnerability to not allow extraction outside the destination directory:
https://github.com/adamhathcock/sharpcompress/pull/374/files
Path.Join does not seem applicable.
@adamhathcock Hi, i would've assume that if my destination folder is /root2 and the directory inside the zip is for example /root/file.txt then it will be extracted to /root2/root/file.txt (just like if i extract the zip manually on my pc)
again, the linked PR prevents extraction to directories outside of the current one
I understand, again, i didn't expect it to extract to outside directories i'm expecting it to extract the full path into my desired destination folder - the problem is that when using Path.Combine("/root","/root2/test.txt") it will return "/root2/test.txt" instead of "/root/root2/test.txt"
These are just convenance methods. You don't have to use them. You can write your own to write entries to whatever you like and however you like.
Hi, When I call WriteEntryToDirectory with entry key that is rooted for example '/root/file.txt' and the directory '/root2' as param. the code fails with Entry is trying to create a directory outside of the destination directory. The reason for that is Path.Combine ignore the directory path param. The solution should be move use Path.Join.