From d5ad786926f65dc4335df6c3586bad84e5c51b43 Mon Sep 17 00:00:00 2001
From: Rob Swindell <rob@synchro.net>
Date: Tue, 20 Apr 2021 21:59:10 -0700
Subject: [PATCH] Fail on "disallowed filename" after filtering for
 filename/pattern

Extracting a file_id.diz would fail if the file contained any disallowed filenames before the DIZ, e.g.:
 Error: disallowed filename '_blockmen_res[v]olution.ans' (after extracting 0 items successfully)
---
 src/sbbs3/filedat.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/sbbs3/filedat.c b/src/sbbs3/filedat.c
index 9403c42c7a..f9ffb6015c 100644
--- a/src/sbbs3/filedat.c
+++ b/src/sbbs3/filedat.c
@@ -810,12 +810,6 @@ long extract_files_from_archive(const char* archive, const char* outdir, const c
 		if(filetype != AE_IFREG)
 			continue;
 		char* filename = getfname(pathname);
-		if(allowed_filename_chars != NULL
-			&& *allowed_filename_chars != '\0'
-			&& strspn(filename, allowed_filename_chars) != strlen(filename)) {
-			safe_snprintf(error, maxerrlen, "disallowed filename '%s'", pathname);
-			break;
-		}
 		if(!with_path)
 			pathname = filename;
 		if(file_list != NULL) {
@@ -826,6 +820,12 @@ long extract_files_from_archive(const char* archive, const char* outdir, const c
 			if(file_list[i] == NULL)
 				continue;
 		}
+		if(allowed_filename_chars != NULL
+			&& *allowed_filename_chars != '\0'
+			&& strspn(filename, allowed_filename_chars) != strlen(filename)) {
+			safe_snprintf(error, maxerrlen, "disallowed filename '%s'", pathname);
+			break;
+		}
 		SAFECOPY(fpath, outdir);
 		backslash(fpath);
 		SAFECAT(fpath, pathname);
-- 
GitLab