Mirrors/kotaemon
1
0
Fork 0
mirror of https://github.com/Cinnamon/kotaemon.git synced 2025-12-16 19:57:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: dont need to check relative path

Browse Source
This commit is contained in:
cin-niko
2025-07-01 17:04:53 +00:00
parent 260513e53f
commit aba848d119
1 changed files with 0 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
libs/ktem/ktem/index/file/ui.py
View File

@@ -1062,11 +1062,6 @@ class FileIndexPage(BasePage):
def _is_symlink(info: zipfile.ZipInfo) -> bool:
return stat.S_ISLNK(info.external_attr >> 16)
def _is_safe_path(base_dir: str, target_path: str) -> bool:
abs_base = os.path.abspath(base_dir)
abs_target = os.path.abspath(target_path)
return abs_target.startswith(abs_base + os.sep)
zip_files = [file for file in files if file.endswith(".zip")]
remaining_files = [file for file in files if not file.endswith("zip")]
errors = []
@@ -1093,12 +1088,6 @@ class FileIndexPage(BasePage):
is_safe = False
break
target_path = os.path.join(zip_out_dir, member.filename)
if not _is_safe_path(zip_out_dir, target_path):
# Skipping zip file with path traversal
is_safe = False
break
if is_safe:
zip_ref.extractall(zip_out_dir)
else: