From b811689e971776dca168ee190be51cf2d085f4d8 Mon Sep 17 00:00:00 2001 From: Cristian Maglie Date: Tue, 21 Jan 2020 10:42:12 +0100 Subject: [PATCH] Improved sanity checks on filenames in package_index.json --- .../contributions/DownloadableContributionsDownloader.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java b/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java index 4ddca67b3..68b88a9f9 100644 --- a/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java +++ b/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java @@ -62,7 +62,9 @@ public class DownloadableContributionsDownloader { public File download(DownloadableContribution contribution, Progress progress, final String statusText, ProgressListener progressListener, boolean noResume, boolean allowCache) throws Exception { URL url = new URL(contribution.getUrl()); - Path outputFile = Paths.get(stagingFolder.getAbsolutePath(), contribution.getArchiveFileName()); + // Filter out paths from file name + String filename = new File(contribution.getArchiveFileName()).getName(); + Path outputFile = Paths.get(stagingFolder.getAbsolutePath(), filename); // Ensure the existence of staging folder Files.createDirectories(stagingFolder.toPath());