Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: erlang/otp
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: maint
Choose a base ref
...
head repository: net/otp
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: maint
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 2 commits
  • 2 files changed
  • 1 contributor

Commits on Mar 24, 2016

  1. Protect zip:extract/1,2 from directory traversal 

    - Added function protect_from_traversal/1 to remove ".." components
from filenames.

- get_z_file/8 now passes filenames through protect_from_traversal.

- filename:split/1 removes trailing separators so maybe_append_slash/2
was added to fix this (trailing separators signify a directory instead
of a file).

- The change was documented in the zip doc file.
    @net
    net committed Mar 24, 2016
    Configuration menu
    Copy the full SHA
    673528d View commit details
    Browse the repository at this point in the history

  2. Refactor protect_from_traversal/1 

    As suggested by @fenollp.
    @net
    net committed Mar 24, 2016
    Configuration menu
    Copy the full SHA
    98a5446 View commit details
    Browse the repository at this point in the history
Loading