see 05/07 log

Blankj · Blankj · commit fa6ba9f1a666 · 2018-05-07T10:54:03.000+08:00
diff --git a/README-CN.md b/README-CN.md
@@ -41,7 +41,7 @@
 
 [logo]: https://raw.githubusercontent.com/Blankj/AndroidUtilCode/master/art/logo.png
 
-[aucsvg]: https://img.shields.io/badge/AndroidUtilCode-v1.14.3-brightgreen.svg
+[aucsvg]: https://img.shields.io/badge/AndroidUtilCode-v1.14.4-brightgreen.svg
 [auc]: https://github.com/Blankj/AndroidUtilCode
 
 [apisvg]: https://img.shields.io/badge/API-14+-brightgreen.svg
diff --git a/README.md b/README.md
@@ -41,7 +41,7 @@ If this project helps you a lot and you want to support the project's developmen
 
 [logo]: https://raw.githubusercontent.com/Blankj/AndroidUtilCode/master/art/logo.png
 
-[aucsvg]: https://img.shields.io/badge/AndroidUtilCode-v1.14.3-brightgreen.svg
+[aucsvg]: https://img.shields.io/badge/AndroidUtilCode-v1.14.4-brightgreen.svg
 [auc]: https://github.com/Blankj/AndroidUtilCode
 
 [apisvg]: https://img.shields.io/badge/API-14+-brightgreen.svg
diff --git a/app/build.gradle b/app/build.gradle
@@ -56,7 +56,7 @@ dependencies {
     // LeakCanary
     debugImplementation "com.squareup.leakcanary:leakcanary-android:$leakcanary_version"
     releaseImplementation "com.squareup.leakcanary:leakcanary-android-no-op:$leakcanary_version"
-//    implementation 'com.blankj:utilcode:1.14.3'
+//    implementation 'com.blankj:utilcode:1.14.4'
 }
 
 
diff --git a/build.gradle b/build.gradle
@@ -7,7 +7,7 @@ buildscript {
     dependencies {
         classpath 'com.android.tools.build:gradle:3.1.2'
         classpath 'com.github.dcendents:android-maven-gradle-plugin:1.5'
-        classpath 'com.jfrog.bintray.gradle:gradle-bintray-plugin:1.7.3'
+        classpath 'com.jfrog.bintray.gradle:gradle-bintray-plugin:1.8.0'
 
         classpath "tech.harmonysoft:traute-gradle:1.1.8"
         // NOTE: Do not place your application dependencies here; they belong
@@ -44,8 +44,8 @@ ext {
     min_sdk_version = 14
     target_sdk_version = 27
 
-    version_code = 1_014_003
-    version_name = '1.14.3'// E.g 1.9.72 => 1,009,072
+    version_code = 1_014_004
+    version_name = '1.14.4'// E.g 1.9.72 => 1,009,072
 
     // App dependencies
     support_version = '27.1.0'
diff --git a/update_log.md b/update_log.md
@@ -1,3 +1,4 @@
+* 18/05/07 修复 ZipUtils 漏洞，发布 1.14.4 版本
 * 18/05/03 修复 ToastUtils 默认字体大小问题，发布 1.14.3 版本
 * 18/05/02 修复 PermissionUtils 空异常，发布 1.14.2 版本
 * 18/04/28 新增 FlashlightUtils，发布 1.14.1 版本
diff --git a/utilcode/README-CN.md b/utilcode/README-CN.md
@@ -2,7 +2,7 @@
 
 Gradle:
 ```groovy
-implementation 'com.blankj:utilcode:1.14.3'
+implementation 'com.blankj:utilcode:1.14.4'
 ```
 
 
diff --git a/utilcode/README.md b/utilcode/README.md
@@ -2,7 +2,7 @@
 
 Gradle:
 ```groovy
-implementation 'com.blankj:utilcode:1.14.3'
+implementation 'com.blankj:utilcode:1.14.4'
 ```
 
 
diff --git a/utilcode/src/main/java/com/blankj/utilcode/util/ZipUtils.java b/utilcode/src/main/java/com/blankj/utilcode/util/ZipUtils.java
@@ -1,5 +1,7 @@
 package com.blankj.utilcode.util;
 
+import android.util.Log;
+
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.File;
@@ -291,12 +293,20 @@ public static List<File> unzipFileByKeyword(final File zipFile,
             while (entries.hasMoreElements()) {
                 ZipEntry entry = ((ZipEntry) entries.nextElement());
                 String entryName = entry.getName();
+                if (entryName.startsWith("../")) {
+                    Log.e("ZipUtils", "it's dangerous!");
+                    return files;
+                }
                 if (!unzipChildFile(destDir, files, zf, entry, entryName)) return files;
             }
         } else {
             while (entries.hasMoreElements()) {
                 ZipEntry entry = ((ZipEntry) entries.nextElement());
                 String entryName = entry.getName();
+                if (entryName.startsWith("../")) {
+                    Log.e("ZipUtils", "it's dangerous!");
+                    return files;
+                }
                 if (entryName.contains(keyword)) {
                     if (!unzipChildFile(destDir, files, zf, entry, entryName)) return files;
                 }

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ dependencies {`
`56`	`56`	`// LeakCanary`
`57`	`57`	`debugImplementation "com.squareup.leakcanary:leakcanary-android:$leakcanary_version"`
`58`	`58`	`releaseImplementation "com.squareup.leakcanary:leakcanary-android-no-op:$leakcanary_version"`
`59`		`-// implementation 'com.blankj:utilcode:1.14.3'`
	`59`	`+// implementation 'com.blankj:utilcode:1.14.4'`
`60`	`60`	`}`
`61`	`61`
`62`	`62`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+* 18/05/07 修复 ZipUtils 漏洞，发布 1.14.4 版本`
`1`	`2`	`* 18/05/03 修复 ToastUtils 默认字体大小问题，发布 1.14.3 版本`
`2`	`3`	`* 18/05/02 修复 PermissionUtils 空异常，发布 1.14.2 版本`
`3`	`4`	`* 18/04/28 新增 FlashlightUtils，发布 1.14.1 版本`