3dd165b494
Disable symlinks and check for path traversal
2018-08-26 14:21:38 +01:00
8e78311d67
Fix CVE-2018-1000544 symlink path traversal
...
Not sure if the exception is the right way to go
2018-08-23 18:14:48 -04:00
6e0d23178a
Fix CVE-2018-1000544 absolute path traversal
...
Small refactor along the way to centralize destination handling when no explicit path is given and a potential malicious one from the zipfile is used
2018-08-23 18:14:48 -04:00
c787d94852
Handle stored files with general purpose bit 3 set
...
Signed-off-by: Sam Coward <scoward@pivotal.io>
2018-04-03 16:07:18 -04:00
deb6616c5f
Merge branch 'master' into force-entry-names-encoding-option
2017-10-18 19:24:58 +03:00
a9f020c0a0
add option to force entry names encoding
...
if you need to work with existing zip files which contain names with
non-ascii characters then you can specify this option.
Without this option find_entry will not work properly
2017-10-18 18:20:56 +03:00
cf91112b57
Apply automatic correction by rubocop
2017-06-29 11:57:12 +09:00
ce4208fdec
Fix #315 and resolve relative path vulnerability
2017-02-08 13:43:14 +02:00
a4e3b55bb2
remove tr to support cp932 encoding
2016-12-07 22:35:33 +09:00
579e78f1ef
Update entry.rb
...
Add accessor to @internal_file_attributes
See http://stackoverflow.com/questions/39800771/hot-to-set-binary-flag-in-zip-file-with-rubyzip
2016-10-10 23:04:36 +02:00
73a35d4515
User `warn` method instead `STDERR.puts` to correctly check error in tests
...
See http://stackoverflow.com/questions/34351144/minitest-assert-output-incorrect-check-for-stderr
about this
2015-12-18 16:40:24 +03:00
77acc03ddb
Fix exception due to calling empty? on nil.
2015-09-30 03:57:21 -04:00
05a9ba3f20
Use duck typing to detect IO-like objects.
2015-09-03 06:16:32 -07:00
c0177a455b
Merge branch 'master' into rubocop_fixes
...
Conflicts:
README.md
samples/example_recursive.rb
2015-06-08 10:14:25 +03:00
d289780072
Fix #234 . Add special variable what is a flag about internal usege
2015-06-07 17:29:54 +03:00
32016ab1bf
Remove executable bit.
2015-03-31 13:15:46 +02:00
2007be0ab6
fix rubocop Lint/UselessAccessModifier cop
2015-03-24 19:47:49 +03:00
fd864bd7ab
fix rubocop Style/CaseEquality cop
2015-03-24 19:44:47 +03:00
b920a1eb49
fix rubocop Style/GuardClause cop
2015-03-24 19:16:03 +03:00
b9aefaffb5
fix rubocop Style/IfUnlessModifier cop
2015-03-24 19:09:22 +03:00
47b72f5cab
fix rubocop Style/LeadingCommentSpace cop
2015-03-23 19:06:01 +03:00
d5f79822c1
fix rubocop Style/LineEndConcatenation cop
2015-03-23 19:03:28 +03:00
8d6f23ba9a
fix rubocop Style/SpaceAroundOperators cop
2015-03-22 20:03:50 +03:00
b13fafb7e8
fix rubocop Style/StringLiterals cop
2015-03-22 19:54:44 +03:00
73e5f70bdf
fix rubocop Style/SpaceAfterMethodName cop
2015-03-22 19:43:44 +03:00
105c2c71b2
fix rubocop Style/RedundantException cop
2015-03-22 19:32:47 +03:00
abf9cbec23
fix rubocop Style/RedundantSelf cop
2015-03-22 19:30:24 +03:00
06e5a9352d
fix rubocop Style/ParenthesesAroundCondition cop
2015-03-22 19:25:35 +03:00
b730387cf2
redone fixes by rubocop Style/Alias to be in style of https://github.com/bbatsov/ruby-style-guide#alias-method-lexically
2015-03-21 13:14:21 +03:00
da863e4b55
Merge branch 'master' into rubocop_fixes
...
Conflicts:
lib/zip/entry.rb
2015-03-21 11:37:28 +03:00
b93ef1266f
fix rubocop Style/StringLiterals cop
2015-03-21 11:27:44 +03:00
b9a757e045
fix rubocop Style/EmptyLinesAroundClassBody cop
2015-03-21 11:21:26 +03:00
6c46c21abb
fix rubocop Style/ColonMethodCall cop
2015-03-21 11:16:06 +03:00
bb08213cb7
fix rubocop Style/Alias cop
2015-03-20 23:17:05 +03:00
4ee6d6be39
fix rubocop Lint/UnusedMethodArgument cop
2015-03-20 23:09:41 +03:00
67838e13ac
fix rubocop Lint/EndAlignment cop
2015-03-20 23:00:20 +03:00
6d19df491a
fix rubocop Lint/AssignmentInCondition cop
2015-03-20 22:57:38 +03:00
d928aeebe5
make parse_zip64_extra check for empty @extra['Zip64'] easier to read
2015-03-20 22:54:28 +03:00
17ac4fdba1
Fix #218
...
Ouput Invalid Date/time to STDERR
2015-03-19 17:32:33 +03:00
b7fa9b124e
Fixing Zip#read_local_entry error on JRuby
2015-03-07 12:50:13 +03:00
85a7bbdf1a
add data descriptor for each entries when encrypto
2015-01-08 18:30:32 +09:00
7498e8a9d3
add warn_invalid_date option
2014-12-01 18:39:29 +03:00
5a4d1ba52a
Use tr instead of gsub
2014-10-22 16:37:21 +02:00
a7a11e33bd
NTFS Extra Field (0x000a) support
2014-09-11 23:04:23 -07:00
b5c5b6803e
Zip::Entry::DEFLATED was forced on every file
2014-04-23 08:42:09 +02:00
9eb35ca0c4
Don't send empty string to stream
...
Unneeded method call removed.
This was causing an issue in rails 4 and zipline
https://github.com/fringd/zipline/pull/10
2014-04-17 13:23:12 +01:00
37ed325783
Clean up tempfiles from output stream, fixes #57
2014-04-04 14:32:11 -07:00
9e144061b9
fix modifying existing zipfile with zip64 enabled
...
The local header size computed from the central directory entry
is incorrect due to the Zip64Placeholder in the local entry.
This caused us to seek to the wrong location when copying an
unchanged compressed data stream.
(The same problem could occur when modifying any zip file where
the local header and central directory header contain different
variable-sized fields, so it's a good idea not to trust the CD
to tell us the local header size in any case.)
2014-03-12 15:57:52 -06:00
2697c7ea4f
Fix #138
2014-03-09 20:38:24 +02:00
a37e13c6f0
File.exists? -> File.exist?
2014-02-06 15:00:38 -08:00
John Lees-Miller
Bart de Water
Andrew Meyer
Alexey Sorokin
Takumasa Ochi
Alexander Simonov
dogatana
knut2
Pavel Lobashov
Victor Costan
Seth Kingsley
Vít Ondruch
Pavel.Lobashov
Sergey Konotopov
Shigeaki Matsumura
Nikolay Petrachkov
Henry Yang
Mehmet Celik
mrloop
Ian Young
Jeremy Stanley
Sam Rawlins