Changeset View
Changeset View
Standalone View
Standalone View
core/document.cpp
Show First 20 Lines • Show All 4813 Lines • ▼ Show 20 Line(s) | 4811 | { | |||
---|---|---|---|---|---|
4814 | if ( !mime.inherits( QStringLiteral("application/vnd.kde.okular-archive") ) ) | 4814 | if ( !mime.inherits( QStringLiteral("application/vnd.kde.okular-archive") ) ) | ||
4815 | return nullptr; | 4815 | return nullptr; | ||
4816 | 4816 | | |||
4817 | KZip okularArchive( archivePath ); | 4817 | KZip okularArchive( archivePath ); | ||
4818 | if ( !okularArchive.open( QIODevice::ReadOnly ) ) | 4818 | if ( !okularArchive.open( QIODevice::ReadOnly ) ) | ||
4819 | return nullptr; | 4819 | return nullptr; | ||
4820 | 4820 | | |||
4821 | const KArchiveDirectory * mainDir = okularArchive.directory(); | 4821 | const KArchiveDirectory * mainDir = okularArchive.directory(); | ||
4822 | | ||||
4823 | // Check the archive doesn't have folders, we don't create them when saving the archive | ||||
4824 | // and folders mean paths and paths mean path traversal issues | ||||
4825 | for ( const QString &entry : mainDir->entries() ) | ||||
4826 | { | ||||
4827 | if ( mainDir->entry( entry )->isDirectory() ) | ||||
4828 | { | ||||
4829 | qWarning() << "Warning: Found a directory inside" << archivePath << " - Okular does not create files like that so it is most probably forged."; | ||||
4830 | return nullptr; | ||||
4831 | } | ||||
4832 | } | ||||
4833 | | ||||
4822 | const KArchiveEntry * mainEntry = mainDir->entry( QStringLiteral("content.xml") ); | 4834 | const KArchiveEntry * mainEntry = mainDir->entry( QStringLiteral("content.xml") ); | ||
4823 | if ( !mainEntry || !mainEntry->isFile() ) | 4835 | if ( !mainEntry || !mainEntry->isFile() ) | ||
4824 | return nullptr; | 4836 | return nullptr; | ||
4825 | 4837 | | |||
4826 | std::unique_ptr< QIODevice > mainEntryDevice( static_cast< const KZipFileEntry * >( mainEntry )->createDevice() ); | 4838 | std::unique_ptr< QIODevice > mainEntryDevice( static_cast< const KZipFileEntry * >( mainEntry )->createDevice() ); | ||
4827 | QDomDocument doc; | 4839 | QDomDocument doc; | ||
4828 | if ( !doc.setContent( mainEntryDevice.get() ) ) | 4840 | if ( !doc.setContent( mainEntryDevice.get() ) ) | ||
4829 | return nullptr; | 4841 | return nullptr; | ||
▲ Show 20 Lines • Show All 801 Lines • Show Last 20 Lines |