From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Wed, 5 Apr 2023 14:30:38 +0000 (+0200)
Subject: Compare the paths with unified directory separator in PackageInstallationDispatcher... 
X-Git-Tag: 6.0.0_Alpha_1~291^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1db23af856e11d4ffb00072c98b25f17b379443c;p=GitHub%2FWoltLab%2FWCF.git

Compare the paths with unified directory separator in PackageInstallationDispatcher::getArchive()

This is necessary for Windows which uses backslashes, whereas the entire
software hardcodes the slash as a directory separator (which is also accepted
by Windows).

Fixes #5370
---

diff --git a/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php b/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php
index ac08f505d7..a61de5d638 100644
--- a/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php
+++ b/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php
@@ -479,7 +479,7 @@ class PackageInstallationDispatcher
             }
 
             $this->archive = new PackageArchive($this->queue->archive);
-            if (!\str_starts_with(\realpath($this->archive->getArchive()), \TMP_DIR)) {
+            if (!\str_starts_with(FileUtil::unifyDirSeparator(\realpath($this->archive->getArchive())), \TMP_DIR)) {
                 throw new \Exception('Refusing to handle an archive outside of the temporary directory.');
             }
             $this->archive->openArchive();