Replace "." and ".." components in URL-derived paths

jsvine / waybackpack

Download the entire Wayback Machine archive for a given URL.

MIT License

2.8k stars 189 forks source link

Closed jwilk closed 4 months ago

jwilk commented 5 months ago

Fixes potential directory traversal via .. components embedded in the URL.

jsvine commented 4 months ago

Good catch re. the directory traversal, thanks. Going to merge this, and then will modify to use os.path.join(...) (while we're at at).