[Github-comments] [geany/geany] Use relative paths for project session files if base directory is relative (PR #3021)
xiota
notifications at xxxxx
Sat Nov 27 00:36:08 UTC 2021
@xiota commented on this pull request.
> @@ -1268,6 +1287,16 @@ static gboolean open_session_file(gchar **tmp, guint len)
unescaped_filename = g_uri_unescape_string(tmp[7], NULL);
locale_filename = utils_get_locale_from_utf8(unescaped_filename);
+ if (!g_path_is_absolute(locale_filename) && app->project)
+ {
+ gchar *base_path = project_get_base_path();
+ gchar *project_dir = utils_get_locale_from_utf8(base_path);
+
+ SETPTR(locale_filename, g_build_filename(project_dir, locale_filename, NULL));
Need to add a check before this to prevent use of `..` from allowing access to files outside the project tree. Even though this PR doesn't write relative paths in certain ways, session and project files can be edited externally or another PR may change it.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/pull/3021#pullrequestreview-817091252
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.geany.org/pipermail/github-comments/attachments/20211126/3b6fa8f9/attachment-0001.htm>
More information about the Github-comments
mailing list