Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-02-14 08:54:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix security problems and add zstd support

Browse Source
This commit is contained in:
lmarcouiller
2022-03-14 11:45:23 +01:00
parent 57ed890b73
commit 8d11813ea5
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/core/lib/files.lib.php
View File

@@ -2146,22 +2146,24 @@ function dol_uncompress($inputfile, $outputdir)
}
return array('error'=>'ErrNoZipEngine');
} elseif ($fileinfo["extension"] == "gz" || $fileinfo["extension"] == "bz2") {
} elseif (in_array($fileinfo["extension"], array('gz','bz2','zst'))) {
$extension = pathinfo($fileinfo["filename"], PATHINFO_EXTENSION);
if ($extension == "tar") {
$cmd = "tar -C ".$outputdir." -xvf ".$fileinfo["dirname"]."/".$fileinfo["basename"];
$cmd = 'tar -C '.escapeshellcmd(dol_sanitizePathName($outputdir)).' -xvf '.escapeshellcmd(dol_sanitizePathName($fileinfo["dirname"]).'/'.dol_sanitizeFileName($fileinfo["basename"]));
$resarray = $utils->executeCLI($cmd, $outputdir);
} else {
$program = "";
if ($fileinfo["extension"] == "gz") {
$program = "gzip";
$program = 'gzip';
} elseif ($fileinfo["extension"] == "bz2") {
$program = "bzip2";
$program = 'bzip2';
} elseif ($fileinfo["extension"] == "zst") {
$program = 'zstd';
} else {
return array('error'=>'ErrFileExtension');
}
$cmd = $program." -dc ".$fileinfo["dirname"]."/".$fileinfo["basename"];
$outputfilename = $outputdir."/".$fileinfo["filename"];
$cmd = $program.' -dc '.escapeshellcmd(dol_sanitizePathName($fileinfo["dirname"]).'/'.dol_sanitizeFileName($fileinfo["basename"]));
$outputfilename = escapeshellcmd(dol_sanitizePathName($outputdir).'/'.dol_sanitizeFileName($fileinfo["filename"]));
$resarray = $utils->executeCLI($cmd, $outputfilename, 0, $outputfilename);
if ($resarray["output"] == 2) {
$resarray["error"] = "ErrFilePermOrFileNotFound";