From d52e7ae785318ae8ed2b694f85e66e6bf33dfecc Mon Sep 17 00:00:00 2001
From: Kevin Jump <kevin@thejumps.co.uk>
Date: Sat, 15 Jun 2024 21:00:57 +0100
Subject: [PATCH] path trim

---
 uSync.BackOffice/Services/uSyncService_Files.cs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/uSync.BackOffice/Services/uSyncService_Files.cs b/uSync.BackOffice/Services/uSyncService_Files.cs
index f3e4395f..ef0d63f5 100644
--- a/uSync.BackOffice/Services/uSyncService_Files.cs
+++ b/uSync.BackOffice/Services/uSyncService_Files.cs
@@ -50,6 +50,8 @@ public void DeCompressFile(string zipArchive, string target)
 
         var resolvedTarget = _syncFileService.GetAbsPath(target);
 
+        var fullTarget = Path.GetFullPath(resolvedTarget);
+
         using (var zip = ZipFile.OpenRead(zipArchive))
         {
             if (!zip.Entries.Any(x => x.FullName.EndsWith(_uSyncConfig.Settings.DefaultExtension)))
@@ -61,9 +63,10 @@ public void DeCompressFile(string zipArchive, string target)
                 if (entry.Length == 0) continue;
 
                 var filePath = GetOSDependentPath(entry.FullName);
+
                 var destination = Path.GetFullPath(Path.Combine(resolvedTarget, filePath));
-                if (destination.StartsWith(resolvedTarget) is false)
-                    throw new Exception("Invalid file path");
+                if (!destination.StartsWith(fullTarget))
+                    throw new InvalidOperationException("Invalid file path");
 
                 var destinationFolder = Path.GetDirectoryName(destination);