Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-07-08 18:54:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

Make extracting the icon files a little safer

Browse Source
This commit is contained in:
Kovid Goyal 2015-08-25 12:55:10 +05:30
parent bd3882ac73
commit cdddb7528b
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/calibre/gui2/icon_theme.py
View File

@ -685,19 +685,24 @@ def remove_icon_theme():
os.remove(metadata_file) os.remove(metadata_file)
def install_icon_theme(theme, f): def install_icon_theme(theme, f):
icdir = os.path.join(config_dir, 'resources', 'images') icdir = os.path.abspath(os.path.join(config_dir, 'resources', 'images'))
if not os.path.exists(icdir): if not os.path.exists(icdir):
os.makedirs(icdir) os.makedirs(icdir)
theme['files'] = set() theme['files'] = set()
metadata_file = os.path.join(icdir, 'icon-theme.json') metadata_file = os.path.join(icdir, 'icon-theme.json')
with ZipFile(f) as zf: with ZipFile(f) as zf:
for name in zf.namelist(): for name in zf.namelist():
if '..' in name:
continue
base = icdir base = icdir
if '/' in name: if '/' in name:
base = os.path.join(icdir, os.path.dirname(name)) base = os.path.join(icdir, os.path.dirname(name))
if not os.path.exists(base): if not os.path.exists(base):
os.makedirs(base) os.makedirs(base)
with zf.open(name) as src, open(os.path.join(base, os.path.basename(name)), 'wb') as dest: destpath = os.path.abspath(os.path.join(base, os.path.basename(name)))
if not destpath.startswith(icdir):
continue
with zf.open(name) as src, open(destpath, 'wb') as dest:
shutil.copyfileobj(src, dest) shutil.copyfileobj(src, dest)
theme['files'].add(name) theme['files'].add(name)