yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request from GHSA-6324-52pr-h4p5

Browse Source 
Co-authored-by: Zeegaan <nge@umbraco.dk>
This commit is contained in:
Nikolaj Geisle
2023-12-11 13:59:03 +01:00
committed by GitHub
parent 3a697d90fc
commit 50a107f885
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs
View File

@@ -311,7 +311,12 @@ public class CreatedPackageSchemaRepository : ICreatedPackagesRepository
definition.Name.Replace(' ', '_')));
Directory.CreateDirectory(directoryName);
var expectedRoot = _hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath);
var finalPackagePath = Path.Combine(directoryName, fileName);
if (finalPackagePath.StartsWith(expectedRoot) == false)
{
throw new IOException("Invalid path due to the package name");
}
// Clean existing files
foreach (var packagePath in new[] { definition.PackagePath, finalPackagePath })