loolwsd/LOOLWSD.cpp | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
New commits:
commit f8cc5d3877ff1ba0288d7afe062908ef6265b6b6
Author: Pranav Kant <pran...@collabora.co.uk>
Date: Thu Jul 21 14:56:26 2016 +0530
loolwsd: security: Sanitize user input in convert-to API
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 5e01803..49ccb5b 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -316,7 +316,10 @@ public:
 Path tempPath = Path::forDirectory(TemporaryFile().tempName() + "/");
 File(tempPath).createDirectories();
- tempPath.setFileName(params.get("filename"));
+ // Prevent user inputting anything funny here.
+ // A "filename" should always be a filename, not a path
+ const Path filenameParam(params.get("filename"));
+ tempPath.setFileName(filenameParam.getFileName());
 _filename = tempPath.toString();
 // Copy the stream to _filename.
_______________________________________________
Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
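Review bot: The value returned by `filenameParam.getFileName()` goes straight into `tempPath.setFileName()` without a check that it is a usable name. The new lines strip directory components, but an input that ends in a separator or consists only of `.` or `..` would presumably still yield an empty or dot-entry name, leaving `_filename` pointing at a directory rather than a file inside the temporary directory. I would bind the result and reject it before use, e.g. `const std::string safeName = filenameParam.getFileName();` followed by `if (safeName.empty() || safeName == "." || safeName == "..")` with whatever error response this handler already uses. The comment would also be clearer if it stated the rule, e.g. `// Keep only the final path component so the upload stays inside tempPath.` The enclosing function starts and ends outside this hunk, so whether a later check catches this case is not visible here.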