書庫作成/追加時にもDTV検査を行い、格納パスを表示する機能を追加。

書庫を開く際のDTV検査の精度を向上。
展開ダイアログを表示する際にDTV検査が行われていなかったバグを修正。

git-svn-id: svn+ssh://svn.sourceforge.jp/svnroot/tpi/tpi@320 9df91469-1e22-0410-86e7-ea8537beb833

diff --git a/doc/history.html b/doc/history.html
index f9185ca..45fdf40 100644 (file)
--- a/doc/history.html
+++ b/doc/history.html
@@ -33,13 +33,16 @@
      <dd>\r
       <ul>\r
        <li class="add">Linux上で展開先をDolphinで開く機能に対応。</li>\r
+       <li class="add">書庫作成/追加時にもDTV検査を行い、格納パスを表示する機能を追加。</li>\r
        <li class="chg">一時ファイルをOSのテンポラリディレクトリに作成するよう変更。</li>\r
        <li class="chg">LycheeのウインドウへDnDできる範囲をリストビューだけでなくウインドウ全体に変更。</li>\r
        <li class="chg">書庫閲覧時にDnDで展開するとき、Lycheeの同じウインドウへはドロップできないよう変更。</li>\r
        <li class="chg">書庫を開いたときやDnDから書庫の作成を試みたときにLycheeのウインドウを前面に出すよう変更。</li>\r
+       <li class="chg">書庫を開く際のDTV検査の精度を向上。</li>\r
        <li class="fix">Linux上でのDnD展開で、ファイル名が多バイト文字になっていた場合にコピーに失敗していたバグを修正。</li>\r
        <li class="fix">Linux上でDnD展開して途中でキャンセルした場合にも暫く操作できなくなっていたバグを修正。</li>\r
        <li class="fix">書庫の作成時に、初期値では分割サイズが0でない不正な値になってしまっていたバグを修正。</li>\r
+       <li class="fix">展開ダイアログを表示する際にDTV検査が行われていなかったバグを修正。</li>\r
       </ul>\r
      </dd>\r
      <dt>7zArc</dt>\r

diff --git a/src/lychee/dlg_make.cpp b/src/lychee/dlg_make.cpp
index 026f13c..70769ca 100644 (file)
--- a/src/lychee/dlg_make.cpp
+++ b/src/lychee/dlg_make.cpp
@@ -239,10 +239,16 @@ void MakeDialog::OnInit(wxInitDialogEvent&)
        }\r
 \r
        // 展開/格納先を予測。ただしDTVスキャンに時間がかかる場合はスキップ可能。\r
-       if (this->lcFiles->asInput->GetCount() < 3000 || ::AskDlg(_("This archive contains so many files that it takes long to check Directory Traversal Vulnerability(DTV) problem. If you are sure this archive is safe, you can skip this scanning process. Do you want to scan for DTV problem?"), this) == wxYES)\r
+       if (this->lcFiles->asInput->GetCount() < 3000 ||\r
+               ::AskDlg(\r
+                       this->uCommand == TPI_COMMAND_EXTRACT ?\r
+                               _("This archive contains so many files that it takes long to check Directory Traversal Vulnerability(DTV) problem. If you are sure this archive is safe, you can skip this scanning process. Do you want to scan for DTV problem?") :\r
+                               _("The files you want to store are too many, so it takes long to check Directory Traversal Vulnerability(DTV) problem. If you are sure the path of the files are no problem, you can skip this scanning process. Do you want to scan for DTV problem?"),\r
+                       this\r
+               ) == wxYES)\r
        {\r
                wxNotebookEvent e;\r
-               e.SetSelection(3);\r
+               e.SetSelection(4);\r
                this->OnTabChanged(e);\r
        }\r
 \r
@@ -369,6 +375,7 @@ void MakeDialog::OnTabChanged(wxNotebookEvent& e)
        this->lcFiles->asOutput.Clear();\r
        this->lcFiles->apItem.Clear();\r
 \r
+       bool fDTVWarning = false;\r
        switch (this->uCommand)\r
        {\r
        case TPI_COMMAND_EXTRACT:\r
@@ -377,7 +384,6 @@ void MakeDialog::OnTabChanged(wxNotebookEvent& e)
                wxString szOutputRootDir = WillMakeDirByArcName((MainFrame *) this->GetParent(), this) ? MakeDirPath(wxFileName::DirName(this->cbDir->GetValue()), wxFileName(this->cbFileName->GetValue()).GetName(), false).GetPath() : this->cbDir->GetValue();\r
 \r
                // 各ファイルにパスを付加。\r
-               bool fDTVWarning = false;\r
                for (size_t i = 0; i < this->lcFiles->asInput->GetCount(); i++)\r
                {\r
                        wxString szOutputFile = szOutputRootDir + wxFileName::GetPathSeparator();\r
@@ -398,22 +404,42 @@ void MakeDialog::OnTabChanged(wxNotebookEvent& e)
                        }\r
                        this->lcFiles->asOutput.Add(fnOutput.GetFullPath());\r
                }\r
-\r
-               if (fDTVWarning && ::AskDlg(_("This archive may have Directory Traversal Vulnerability(DTV) problem, and some danger files may be extracted to the unexpected system directory! It is strongly recommended to ignore file path. Would you like to do so?"), this) == wxYES)\r
-               {\r
-                       this->cbIgnorePath->SetValue(true);\r
-                       this->OnTabChanged(e);\r
-               }\r
                break;\r
        }\r
        case TPI_COMMAND_ADD:\r
        case TPI_COMMAND_CREATE:\r
-               // TODO : 格納パスを推測。\r
-               this->lcFiles->asOutput = * this->lcFiles->asInput;\r
-               this->lcFiles->apItem.SetCount(this->lcFiles->asInput->GetCount(), NULL);\r
+               // 格納パスを推測。\r
+               for (size_t i = 0; i < this->lcFiles->asInput->GetCount(); i++)\r
+               {\r
+                       wxFileName fnStored(this->lcFiles->asInput->Item(i));\r
+                       this->lcFiles->asOutput.Add(this->cbIgnorePath->IsChecked() ? fnStored.GetFullName() : fnStored.GetFullPath());\r
+                       fnStored = wxFileName(this->lcFiles->asOutput.Item(i));\r
+                       if (fnStored.GetPathWithSep(wxPATH_UNIX).Find(wxT("../")) != wxNOT_FOUND)\r
+                       {\r
+                               fDTVWarning = true;\r
+                               this->lcFiles->apItem.Add(& this->lcFiles->atDangerItem);\r
+                       }\r
+                       else\r
+                       {\r
+                               this->lcFiles->apItem.Add(NULL);\r
+                       }\r
+               }\r
                break;\r
        }\r
 \r
+       // DTV検査で異常があれば警告。\r
+       if (fDTVWarning &&\r
+               ::AskDlg(\r
+                       _("This archive may have Directory Traversal Vulnerability(DTV) problem, ") +\r
+                       (this->uCommand == TPI_COMMAND_EXTRACT ?\r
+                               _("and some danger files may be extracted to the unexpected system directory! It is strongly recommended to ignore file path. Would you like to do so?") :\r
+                               _("and some danger files may be stored! It is strongly recommended to ignore file path. Would you like to do so?")),\r
+                       this) == wxYES)\r
+       {\r
+               this->cbIgnorePath->SetValue(true);\r
+               this->OnTabChanged(e);\r
+       }\r
+\r
        // リストビューに表示。\r
        this->lcFiles->SetItemCount(this->lcFiles->asInput->GetCount());\r
 }\r

diff --git a/src/lychee/frm_main.cpp b/src/lychee/frm_main.cpp
index 90c27b8..1cb8112 100644 (file)
--- a/src/lychee/frm_main.cpp
+++ b/src/lychee/frm_main.cpp
@@ -410,7 +410,7 @@ void MainFrame::OnArcOpen(wxCommandEvent& e)
 \r
                        // セキュリティチェック。\r
                        // DTV検査。\r
-                       if (piInfo.fiInfo.fnFileName.GetPathWithSep().Find(wxT("..")) != wxNOT_FOUND)\r
+                       if (piInfo.fiInfo.fnFileName.GetPathWithSep(wxPATH_UNIX).Find(wxT("../")) != wxNOT_FOUND)\r
                        {\r
                                piInfo.fiInfo.eDanger = TRUE;\r
                                wxLogWarning(_("This archive may have Directory Traversal Vulnerability(DTV) problem, and some danger files may be extracted to the unexpected system directory! You should use the \"Ignore file pathes\" option when extracting this archive.\nDanger file is:\n%s"), piInfo.fiInfo.fnFileName.GetFullPath().c_str());\r