mirror of
https://github.com/aria2/aria2.git
synced 2025-01-01 15:44:55 +00:00
dc2a51b54a
Discard torrent file if path data in it contains directory traversal directives. Discard metalink:file element in Metalink3 format if its name attribute contains directory traversal directives. Ignore name attribute of metalink:signature element in Metalink3 format if it contains directory traversal directives. * src/MetalinkParserStateV3Impl.cc * src/bittorrent_helper.cc * src/message.h * test/BittorrentHelperTest.cc * test/Makefile.am * test/MetalinkProcessorTest.cc * test/metalink3-dirtraversal.xml * test/test.xml
38 lines
1.0 KiB
XML
38 lines
1.0 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<metalink version="3.0" xmlns="http://www.metalinker.org/">
|
|
<files>
|
|
<file name="../aria2-0.5.2.tar.bz2">
|
|
<verification>
|
|
<signature type="pgp" file="aria2-0.5.2.tar.bz2.sig">
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v1.4.9 (GNU/Linux)
|
|
|
|
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
|
ffffffffffffffffffffffff
|
|
fffff
|
|
-----END PGP SIGNATURE-----
|
|
</signature>
|
|
</verification>
|
|
<resources>
|
|
<url type="http">http://example.org/aria2-0.5.2.tar.bz2</url>
|
|
</resources>
|
|
</file>
|
|
<file name="aria2-0.5.3.tar.bz2">
|
|
<verification>
|
|
<signature type="pgp" file="../aria2-0.5.3.tar.bz2.sig">
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v1.4.9 (GNU/Linux)
|
|
|
|
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
|
ffffffffffffffffffffffff
|
|
fffff
|
|
-----END PGP SIGNATURE-----
|
|
</signature>
|
|
</verification>
|
|
<resources>
|
|
<url type="http">http://example.org/aria2-0.5.3.tar.bz2</url>
|
|
</resources>
|
|
</file>
|
|
</files>
|
|
</metalink>
|