From d68bec4abb4a8dc935aea79c404550acdf8dec25 Mon Sep 17 00:00:00 2001 From: MiranDMC Date: Fri, 13 Sep 2024 16:56:23 +0200 Subject: [PATCH] Fixed IsFilepathSafe util function. (#190) --- cleo_sdk/CLEO_Utils.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cleo_sdk/CLEO_Utils.h b/cleo_sdk/CLEO_Utils.h index b0ae2bd2..35d0ca0f 100644 --- a/cleo_sdk/CLEO_Utils.h +++ b/cleo_sdk/CLEO_Utils.h @@ -122,10 +122,10 @@ namespace CLEO // does file path points inside game directories? (game root or user files) static bool IsFilepathSafe(CLEO::CRunningScript* thread, const char* path) { - auto IsSubpath = [](std::filesystem::path path, std::filesystem::path base) + auto IsSubpath = [](std::filesystem::path path, std::filesystem::path base) { - auto relative = std::filesystem::relative(base, path); - return relative.empty() || relative.native()[0] != '.'; + auto relative = std::filesystem::relative(path, base); + return !relative.empty() && *relative.begin() != ".."; }; auto fsPath = std::filesystem::path(path);