From acc07ffa5d74f4d0ef711be5b80640f5c5453f09 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Thu, 18 Aug 2022 16:45:15 +0200
Subject: [PATCH] Disallow leading / in zip archives
---
 app/controllers/submissions_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb
index 757163fd..8af33350 100644
--- a/app/controllers/submissions_controller.rb
+++ b/app/controllers/submissions_controller.rb
@@ -27,7 +27,7 @@ class SubmissionsController < ApplicationController
 stringio = Zip::OutputStream.write_buffer do |zio|
 @files.each do |file|
- zio.put_next_entry(file.filepath)
+ zio.put_next_entry(file.filepath.delete_prefix('/'))
 zio.write(file.content.presence || file.native_file.read)
 end
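Review bot: `delete_prefix('/')` in the `put_next_entry` call strips exactly one leading slash, so a `filepath` that begins with `//` would still produce an absolute entry name, and `..` segments pass through unchanged. Whether `file.filepath` can carry such values is not visible in this hunk, so treat this as hardening rather than a confirmed defect. If it can, normalise with `file.filepath.sub(%r{\A/+}, '')` and skip or reject names that contain a `..` segment before writing the entry. A short comment such as `# zip entry names must be relative; some extractors honour a leading /` would record why the prefix is removed. The `write_buffer` block continues outside the hunk.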