File tree 1 file changed +3
-3
lines changed
1 file changed +3
-3
lines changed Original file line number Diff line number Diff line change @@ -354,7 +354,7 @@ module.exports = function(/*String*/input) {
354354
355355
356356 var target = pth . resolve ( targetPath , maintainEntryPath ? entryName : pth . basename ( entryName ) ) ;
357- if ( ! target . startsWith ( targetPath ) ) {
357+ if ( ! pth . resolve ( target ) . startsWith ( pth . resolve ( targetPath ) ) ) {
358358 throw Utils . Errors . INVALID_FILENAME + ": " + entryName ;
359359 }
360360
@@ -432,7 +432,7 @@ module.exports = function(/*String*/input) {
432432 _zip . entries . forEach ( function ( entry ) {
433433 entryName = entry . entryName . toString ( ) ;
434434
435- if ( ! pth . resolve ( targetPath , entryName ) . startsWith ( targetPath ) ) {
435+ if ( ! pth . resolve ( targetPath , entryName ) . startsWith ( pth . resolve ( targetPath ) ) ) {
436436 throw Utils . Errors . INVALID_FILENAME + ": " + entryName ;
437437 }
438438
@@ -478,7 +478,7 @@ module.exports = function(/*String*/input) {
478478 entryName = escapeFileName ( entryName )
479479 }
480480
481- if ( ! pth . resolve ( targetPath , entryName ) . startsWith ( targetPath ) ) {
481+ if ( ! pth . resolve ( targetPath , entryName ) . startsWith ( pth . resolve ( targetPath ) ) ) {
482482 throw Utils . Errors . INVALID_FILENAME + ": " + entryName ;
483483 }
484484
You can’t perform that action at this time.
0 commit comments