Theme Modules: Prevented zip-slip in new module extraction method

Updated the new (development-only) approach, which could have allowed a
zip-slip path traversal. This adds path normalisation, and tests to
cover it.
Dan Brown
2026-04-11 18:49:34 +01:00
parent c3c8577f05
commit 684a94c419
3 changed files with 32 additions and 2 deletions


@@ -51,7 +51,14 @@ class ThemeModuleManager
}
$folderPath = $this->modulesFolderPath . DIRECTORY_SEPARATOR . $folderName;
$zip->extractTo($folderPath);
try {
$zip->extractTo($folderPath);
} catch (ThemeModuleException $exception) {
if (is_dir($folderPath)) {
$this->deleteDirectoryRecursively($folderPath);
}
throw new ThemeModuleException("Failed to load extract files from module ZIP with error: {$exception->getMessage()}");
}
$module = $this->loadFromFolder($folderName);
if (!$module) {
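Review bot: The cleanup in the new catch block only runs for ThemeModuleException, so if extractTo can fail with any other exception (a filesystem error while creating directories or writing entries, for instance) the partially extracted folder under $folderPath is left behind; unless extractTo is known to wrap every failure, catching more broadly and rethrowing would make the cleanup reliable, e.g. `} catch (\Throwable $exception) {`. The rethrow also discards the original exception and its message reads "Failed to load extract files"; consider `throw new ThemeModuleException("Failed to extract files from module ZIP with error: {$exception->getMessage()}", previous: $exception);`. The enclosing method starts and ends outside the hunk, so I cannot see whether $folderPath could already exist before extraction, in which case deleting it on failure would remove pre-existing content.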


@@ -2,6 +2,7 @@
namespace BookStack\Theming;
use BookStack\Util\FilePathNormalizer;
use ZipArchive;
readonly class ThemeModuleZip
@@ -33,7 +34,12 @@ readonly class ThemeModuleZip
$name = str_replace($prefix, '', $name);
}
$targetPath = $destinationPath . DIRECTORY_SEPARATOR . $name;
try {
$targetPath = $destinationPath . DIRECTORY_SEPARATOR . FilePathNormalizer::normalize($name);
} catch (\Exception $exception) {
throw new ThemeModuleException("Bad file path found in module ZIP file: {$name}");
}
$targetPathDir = dirname($targetPath);
if (!is_dir($targetPathDir)) {
$dirCreated = mkdir($targetPathDir, 0777, true);
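Review bot: Containment of $targetPath now rests entirely on FilePathNormalizer::normalize rejecting or collapsing traversal segments and absolute paths, and that contract is not visible in this hunk; since the normalised result is concatenated straight onto $destinationPath, a defence-in-depth check that the resolved target directory still sits under the resolved destination would guard against any case normalize does not cover. The natural place is once the directory exists, i.e. after the `if (!is_dir($targetPathDir))` block that ends outside the hunk, using realpath() on both sides. Unrelated to this change but visible in context, `str_replace($prefix, '', $name)` strips every occurrence of $prefix rather than only a leading one, which may be worth tightening separately.
```php
$targetPath = $destinationPath . DIRECTORY_SEPARATOR . FilePathNormalizer::normalize($name);
// … unchanged: catch of normalisation failure, dirname/mkdir of $targetPathDir …
$resolvedDir = realpath($targetPathDir);
$resolvedBase = realpath($destinationPath);
if ($resolvedDir === false || $resolvedBase === false
    || !str_starts_with($resolvedDir . DIRECTORY_SEPARATOR, $resolvedBase . DIRECTORY_SEPARATOR)) {
    throw new ThemeModuleException("Bad file path found in module ZIP file: {$name}");
}
```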