diff --git a/brouter-routing-app/src/main/java/btools/routingapp/BRouterView.java b/brouter-routing-app/src/main/java/btools/routingapp/BRouterView.java index 7e31474..1586c1d 100644 --- a/brouter-routing-app/src/main/java/btools/routingapp/BRouterView.java +++ b/brouter-routing-app/src/main/java/btools/routingapp/BRouterView.java @@ -562,7 +562,10 @@ public class BRouterView extends View { } String name = ze.getName(); File outfile = new File(path, name); - if (!outfile.exists() && outfile.getParentFile() != null) { + String canonicalPath = outfile.getCanonicalPath(); + if (canonicalPath.startsWith(path.getCanonicalPath()) && + !outfile.exists() && + outfile.getParentFile() != null) { outfile.getParentFile().mkdirs(); FileOutputStream fos = new FileOutputStream(outfile); @@ -575,6 +578,7 @@ public class BRouterView extends View { fos.close(); } } + zis.close(); is.close(); return true; } catch (IOException io) { diff --git a/brouter-routing-app/src/main/java/btools/routingapp/ServerConfig.java b/brouter-routing-app/src/main/java/btools/routingapp/ServerConfig.java index 658b13e..0d83d49 100644 --- a/brouter-routing-app/src/main/java/btools/routingapp/ServerConfig.java +++ b/brouter-routing-app/src/main/java/btools/routingapp/ServerConfig.java @@ -105,7 +105,10 @@ public class ServerConfig { String name = ze.getName(); if (name.equals(mServerConfigName)) { File outfile = new File(path, name + ".tmp"); - if (!outfile.exists() && outfile.getParentFile() != null) { + String canonicalPath = outfile.getCanonicalPath(); + if (canonicalPath.startsWith(path.getCanonicalPath()) && + !outfile.exists() && + outfile.getParentFile() != null) { outfile.getParentFile().mkdirs(); FileOutputStream fos = new FileOutputStream(outfile);