<p>Follow-up to <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="407156643" data-permission-text="Issue title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/2131" data-hovercard-type="pull_request" data-hovercard-url="/openstreetmap/openstreetmap-website/pull/2131/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/pull/2131">#2131</a>: GPX upload uses external scripts to decompress zip/bzip/gzip files. To be on the safe side, some more input sanitization is required here.</p>
<p>We also need to improve zip file handling in general here, so people can't kill the server by uploading funny zip bombs. <a href="https://github.com/openstreetmap/openstreetmap-website/blob/268a8cb06e0a4734b9cb226ecebcc8445be4a9de/app/models/trace.rb#L256-L268">https://github.com/openstreetmap/openstreetmap-website/blob/268a8cb06e0a4734b9cb226ecebcc8445be4a9de/app/models/trace.rb#L256-L268</a></p>
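<p>One way to cap decompressed size for the gzip case, inflating in-process and aborting once a byte limit is crossed. This is an added example, not code from openstreetmap-website or from the issue author; the function names, the limits and the sample inputs are assumptions.</p>

```ruby
require "zlib"
require "stringio"

# Added example, not openstreetmap-website code. Names and limits are assumptions.
MAX_TRACE_BYTES = 50 * 1024 * 1024 # hypothetical cap on decompressed size
CHUNK_BYTES     = 64 * 1024

class DecompressionLimitError < StandardError; end

# Inflate gzip data from +io+ in fixed-size chunks and stop as soon as the
# output would exceed +max_bytes+, so a bomb costs at most max_bytes plus one chunk.
def bounded_gunzip(io, max_bytes: MAX_TRACE_BYTES)
  out = String.new(encoding: Encoding::BINARY)
  gz = Zlib::GzipReader.new(io) # raises Zlib::GzipFile::Error on non-gzip input
  begin
    loop do
      chunk = gz.read(CHUNK_BYTES)
      break if chunk.nil? || chunk.empty?
      if out.bytesize + chunk.bytesize > max_bytes
        raise DecompressionLimitError, "decompressed data exceeds #{max_bytes} bytes"
      end
      out << chunk
    end
  ensure
    gz.close
  end
  out
end

# Constructed sample inputs: a tiny GPX document and 8 MiB of zero bytes.
SAMPLE_GPX  = %(<gpx version="1.1"><trk><trkseg><trkpt lat="51.5" lon="-0.1"/></trkseg></trk></gpx>)
SAMPLE_OK   = Zlib.gzip(SAMPLE_GPX)
SAMPLE_BOMB = Zlib.gzip("\0" * (8 * 1024 * 1024))

# Returns :ok or :rejected for one upload body under a 1 MiB cap.
def check_upload(bytes, max_bytes: 1024 * 1024)
  bounded_gunzip(StringIO.new(bytes), max_bytes: max_bytes)
  :ok
rescue DecompressionLimitError, Zlib::Error
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  puts "benign: #{check_upload(SAMPLE_OK)}"
  puts "bomb (#{SAMPLE_BOMB.bytesize} compressed bytes): #{check_upload(SAMPLE_BOMB)}"
end
```

<p>The same pattern (read a bounded chunk, count, abort) applies to the zip and bzip2 paths; those need libraries outside the Ruby standard library and are not shown here.</p>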
