en Copyright 2025 Java http://127.0.0.1:8080/history/dokuwiki/lib/plugins/extension/_test/testdata/evilbase/plugin.info.txt#9af82229f03804fb3198cbdf48d60d34d8afb191 extension: validate base name to prevent path traversal on installThe extension base name flowed unsanitized from an uploaded archive'splugin.info.txt (or an extension id) into getInstallDir(), wherefullpath() collapses '..' segments. A crafted base such as'../../../../evil' therefore resolved outside lib/plugins/, lettingdircopy() write the archive contents to an arbitrary web-writable path.Route every base assignment through a new setBase() that rejectsanything other than a bare extension name.Note: this is not really a security concern since plugins can executearbitrary code by design. The is mostly to make sure, plugin code is notinstalled accidentally at the wrong location. List of files: /dokuwiki/lib/plugins/extension/_test/testdata/evilbase/plugin.info.txt Thu, 25 Jun 2026 19:08:43 +0000 Andreas Gohr <gohr@cosmocode.de>