scan first, then extract

binary-husky
2024-04-14 21:36:57 +08:00
父节点 f77ab27bc9
当前提交 eff5b89b98


@@ -104,15 +104,15 @@ def extract_archive(file_path, dest_dir):
elif file_extension in [".tar", ".gz", ".bz2"]: elif file_extension in [".tar", ".gz", ".bz2"]:
with tarfile.open(file_path, "r:*") as tarobj: with tarfile.open(file_path, "r:*") as tarobj:
for member in tarobj.getmembers():
# 清理提取路径,移除任何不安全的元素 # 清理提取路径,移除任何不安全的元素
for member in tarobj.getmembers():
member_path = os.path.normpath(member.name) member_path = os.path.normpath(member.name)
full_path = os.path.join(dest_dir, member_path) full_path = os.path.join(dest_dir, member_path)
full_path = os.path.abspath(full_path) full_path = os.path.abspath(full_path)
if not full_path.startswith(os.path.abspath(dest_dir) + os.sep): if not full_path.startswith(os.path.abspath(dest_dir) + os.sep):
raise Exception(f"Attempted Path Traversal in {member.name}") raise Exception(f"Attempted Path Traversal in {member.name}")
tarobj.extract(member, path=dest_dir) tarobj.extractall(path=dest_dir)
print("Successfully extracted tar archive to {}".format(dest_dir)) print("Successfully extracted tar archive to {}".format(dest_dir))
# 第三方库,需要预先pip install rarfile # 第三方库,需要预先pip install rarfile
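Review bot: The scan loop checks only `member.name`, so a symlink or hardlink member whose `linkname` resolves outside `dest_dir` passes the check, and `tarobj.extractall(path=dest_dir)` then extracts with no filter. Where the interpreter supports extraction filters (Python 3.12, and the security releases that backported them), pass one: `tarobj.extractall(path=dest_dir, filter="data")`; on older interpreters, reject link and device members inside the loop with a test such as `if member.issym() or member.islnk() or member.isdev():` followed by the same raise. `os.path.abspath` does not resolve symlinks that already exist under `dest_dir`, so `os.path.realpath` is the safer basis for the prefix comparison. Indentation is lost in this rendering, so I am assuming `extractall` sits after the loop rather than inside it, as the commit title suggests; `extract_archive` itself starts before this hunk.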