yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request from GHSA-6324-52pr-h4p5

Browse Source 
Co-authored-by: Zeegaan <nge@umbraco.dk>
This commit is contained in:
Nikolaj Geisle
2023-12-11 13:59:03 +01:00
parent 497927303f
commit b3caf747df
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs
View File

@@ -309,17 +309,15 @@ public class CreatedPackageSchemaRepository : ICreatedPackagesRepository
_hostingEnvironment.MapPathContentRoot(Path.Combine(
_createdPackagesFolderPath,
definition.Name.Replace(' ', '_')));
Directory.CreateDirectory(directoryName);
var expectedRoot = Path.GetFullPath(_hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath));
var finalPackagePath = Path.GetFullPath(Path.Combine(directoryName, fileName));
var expectedRoot = _hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath);
var finalPackagePath = Path.Combine(directoryName, fileName);
if (finalPackagePath.StartsWith(expectedRoot) == false)
{
throw new IOException("Invalid path due to the package name");
}
Directory.CreateDirectory(directoryName);
// Clean existing files
foreach (var packagePath in new[] { definition.PackagePath, finalPackagePath })
{