fix: zipper down 路径穿越问题

svga · Jul 21, 2020 · 2bc4380 · 2bc4380
1 parent 2866dc0
commit 2bc4380
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/library/src/main/java/com/opensource/svgaplayer/SVGAParser.kt b/library/src/main/java/com/opensource/svgaplayer/SVGAParser.kt
@@ -336,6 +336,10 @@ class SVGAParser(context: Context?) {
                 ZipInputStream(it).use { zipInputStream ->
                     while (true) {
                         val zipItem = zipInputStream.nextEntry ?: break
+                        if (zipItem.name.contains("../")) {
+                            // 解压路径存在路径穿越问题，直接过滤
+                            continue
+                        }
                         if (zipItem.name.contains("/")) {
                             continue
                         }