loolwsd/LOOLWSD.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
New commits:
commit e77a553b767b0e00e2009d0831a832909bcb3ea9
Author: Pranav Kant <pran...@collabora.co.uk>
Date: Thu Jul 21 14:56:26 2016 +0530
loolwsd: security: Sanitize user input in convert-to API
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 7583537..bb6340a 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -302,7 +302,10 @@ public:
 Path tempPath = Path::forDirectory(TemporaryFile().tempName() + "/");
 File(tempPath).createDirectories();
- tempPath.setFileName(params.get("filename"));
+ // Prevent user inputting anything funny here.
+ // A "filename" should always be a filename, not a path
+ const Path filenameParam(params.get("filename"));
+ tempPath.setFileName(filenameParam.getFileName());
 _filename = tempPath.toString();
 // Copy the stream to _filename.
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
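Review bot: The result of `filenameParam.getFileName()` is used unchecked, so a `filename` value that is empty or ends in a path separator leaves `tempPath` without a file name, and `_filename` then names the temporary directory itself; a bare `..` also appears to survive as the file name, which is worth confirming against Poco's path parsing. Consider rejecting the request right after the extraction: `const std::string name = filenameParam.getFileName();` followed by `if (name.empty() || name == "." || name == "..")` leading into the handler's existing error path. The comment could also state what is actually stripped, e.g. `// Keep only the last path component so the upload stays inside tempPath`, instead of "anything funny". The enclosing function begins and ends outside this hunk, so how a failed open of `_filename` is handled cannot be seen here.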