Merge pull request #41 from syzoj/unzip

Use modified unzip to prevent zip symlink attack
6 years ago · ae66b4078e
3 changed files with 38 additions and 1 deletions
--- a/bin/unzip
+++ b/bin/unzip
--- a/models/problem.js
+++ b/models/problem.js
@ -340,7 +340,8 @@ class Problem extends Model {
      await fs.remove(dir);
      await fs.ensureDir(dir);

-      await p7zip.extract(path, dir);
+      let execFileAsync = Promise.promisify(require('child_process').execFile);
+      await execFileAsync(__dirname + '/../bin/unzip', ['-j', '-o', '-d', dir, path]);
      await fs.move(path, this.getTestdataArchivePath(), { overwrite: true });
    });
  }
--- a/static/style.css
+++ b/static/style.css
@ -35,6 +35,42 @@ body
    sans-serif;
 }

+.ui.header,
+.ui.button,
+.ui.input input,
+.ui.menu,
+.ui.form input:not([type]),
+.ui.form input[type=date],
+.ui.form input[type=datetime-local],
+.ui.form input[type=email],
+.ui.form input[type=file],
+.ui.form input[type=number],
+.ui.form input[type=password],
+.ui.form input[type=search],
+.ui.form input[type=tel],
+.ui.form input[type=text],
+.ui.form input[type=time],
+.ui.form input[type=url],
+h1,
+h2,
+h3,
+h4,
+h5,
+body
+ {
+  font-family: 
+    -apple-system, 
+    'PingFang SC',/* Apple */ 
+    'Source Han Sans SC', 
+    'Noto Sans CJK SC', /* Google */
+    'Microsoft Yahei', 
+    'Lantinghei SC', 
+    'Hiragino Sans GB', 
+    'Microsoft Sans Serif', /* M$ */
+    'WenQuanYi Micro Hei', /* *nix */
+    sans-serif;
+}
+
 .font-content {
  font-family: 'Open Sans', 'Source Han Sans SC', 'Noto Sans CJK SC', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft Yahei', sans-serif;
 }