GitHub/Anki
1
0
Fork 0
mirror of https://github.com/ankitects/anki.git synced 2025-12-30 23:32:57 -05:00
Code Issues Projects Releases Packages 1 Wiki Activity Actions

catch attempts to write outside the media folder

Browse source 
big thanks to David Bailey for discovering this
This commit is contained in:
Damien Elmes 2017-08-16 21:31:05 +10:00
parent c914293e46
commit 4d0973fbab
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
anki/importing/apkg.py
View file

@ -19,16 +19,20 @@ class AnkiPackageImporter(Anki2Importer):
# we need the media dict in advance, and we'll need a map of fname ->
# number to use during the import
self.nameToNum = {}
dir = self.col.media.dir()
for k, v in json.loads(z.read("media")).items():
self.nameToNum[v] = k
path = os.path.abspath(os.path.join(dir, v))
if os.path.commonprefix([path, dir]) != dir:
raise Exception("Invalid file")
self.nameToNum[v] = unicodedata.normalize("NFC", k)
# run anki2 importer
Anki2Importer.run(self)
# import static media
for file, c in self.nameToNum.items():
if not file.startswith("_") and not file.startswith("latex-"):
continue
path = os.path.join(self.col.media.dir(),
unicodedata.normalize("NFC", file))
path = os.path.join(self.col.media.dir(), file)
if not os.path.exists(path):
open(path, "wb").write(z.read(c))