]> Lady’s Gitweb - Shushe/commitdiff
Lady’s Gitweb / Shushe / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: 7ae7c33)
Disallow archive paths beginning with `/`
authorLady <redacted>
Thu, 11 Apr 2024 16:57:12 +0000 (12:57 -0400)
committerLady <redacted>
Thu, 11 Apr 2024 16:57:12 +0000 (12:57 -0400)
This would have resulted in final paths starting with `.//`, which,
while probably mostly harmless, is definitely weird.

lib/archive2extractor.xslt patch | blob | history

diff --git a/lib/archive2extractor.xslt b/lib/archive2extractor.xslt
index b5fb70322239a63d16bb989c839723afe9493f7f..d43be68573892f016ca11998c03b6caacd3caf2b 100644 (file)
--- a/lib/archive2extractor.xslt
+++ b/lib/archive2extractor.xslt
@@ -25,7 +25,7 @@ If a copy of the M·P·L was not distributed with this file, You can obtain one
                        version="1.0"
                >
                        <xslt:template match="/">
-                               <for-each select="书社:archive/*[@书社:archived-as and not(starts-with(@书社:archived-as, '../') or contains(@书社:archived-as, '/../'))]">
+                               <for-each select="书社:archive/*[@书社:archived-as and not(starts-with(@书社:archived-as, '../') or starts-with(@书社:archived-as, '/') or contains(@书社:archived-as, '/../'))]">
                                        <variable name="href">
                                                <text>./extracted/</text>
                                                <choose>
⛩️📰 书社: A make·file for X·M·L
This page took 0.025899 seconds and 4 git commands to generate.