Skip to content

Commit

Permalink
update
Browse files Browse the repository at this point in the history
  • Loading branch information
@SaekiRaku
SaekiRaku committed May 21, 2021
1 parent 7888064 commit 20bc95d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/assets.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ async function add(filepath) {
}
// Filter the files that not extract to the base path to avoid Zip Slip loophole.
// Thanks to Kirill from Snyk Secrity for discovered the issue and help me out on fixing.
if (path.resolve(basepath, filename).indexOf(basepath) === -1) {
if (filename.indexOf("../") !== -1 || path.resolve(basepath, filename).indexOf(basepath) === -1) {
continue;
}
await fs.writeFile(share.uri(path.resolve(basepath, filename)), await zip.file(filename).async("nodebuffer"));
Expand Down

1 comment on commit 20bc95d

@vercel
Copy link

@vercel vercel bot commented on 20bc95d May 21, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Successfully deployed to the following URLs:

Please sign in to comment.