Fix a potential security issue when storing screenshots

- force file basename without path elements
author: Georg Zotti <Georg.Zotti@univie.ac.at> 2023-03-18 23:24:00 +0100
committer: Georg Zotti <Georg.Zotti@univie.ac.at> 2023-03-18 23:24:00 +0100
commit: 9ecd967f0a103b34f217c97c095ff1c6dfae8fb8 (patch)
tree: 3c1521717e5d3cea735001ea0fd41a8e09cb1896
parent: 67d8bc6e97a2ef14258e5a8baa3d11a6c7de0d73 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/StelMainView.cpp b/src/StelMainView.cpp
index dcc541db29..ac205d6347 100644
--- a/src/StelMainView.cpp
+++ b/src/StelMainView.cpp
@@ -1617,7 +1617,7 @@ void StelMainView::setScreenshotDpi(int dpi)
 
 void StelMainView::saveScreenShot(const QString& filePrefix, const QString& saveDir, const bool overwrite)
 {
-	screenShotPrefix = filePrefix;
+	screenShotPrefix = QFileInfo(filePrefix).fileName(); // Strip away any path elements (Security issue!)
 	screenShotDir = saveDir;
 	flagOverwriteScreenshots=overwrite;
 	emit screenshotRequested();
author	Georg Zotti <Georg.Zotti@univie.ac.at>	2023-03-18 23:24:00 +0100
committer	Georg Zotti <Georg.Zotti@univie.ac.at>	2023-03-18 23:24:00 +0100
commit	9ecd967f0a103b34f217c97c095ff1c6dfae8fb8 (patch)
tree	3c1521717e5d3cea735001ea0fd41a8e09cb1896
parent	67d8bc6e97a2ef14258e5a8baa3d11a6c7de0d73 (diff)