
Bug 1675: Prevent SCP server sending files that were not requested

https://winscp.net/tracker/1675

Source commit: 4aa587620973bf793fb6e783052277c0f7be4b55
Martin Prikryl 7 years ago
parent
commit
49d876f2c5
3 changed files with 6 additions and 0 deletions
  1. 4 0
      source/core/ScpFileSystem.cpp
  2. 1 0
      source/resource/TextsCore.h
  3. 1 0
      source/resource/TextsCore1.rc

+ 4 - 0
source/core/ScpFileSystem.cpp

@@ -2361,6 +2361,10 @@ void __fastcall TSCPFileSystem::SCPSink(const UnicodeString TargetDir,
           {
             FTerminal->LogEvent(FORMAT(L"Warning: Remote host set a compound pathname '%s'", (Line)));
           }
+          if ((Level == 0) && (OnlyFileName != UnixExtractFileName(FileName)))
+          {
+            SCPError(LoadStr(UNREQUESTED_FILE), False);
+          }
 
           FullFileName = SourceDir + OnlyFileName;
           OperationProgress->SetFile(FullFileName);
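Review bot: The added check on the `Level == 0` line verifies only top-level entries, so once a requested directory has been entered, the names the server sends for files and subdirectories inside it are still not compared against anything. That is probably inherent to SCP, since the client cannot know a directory's contents in advance, but it should be said in a comment such as `// Only the top-level name can be checked against the request; names inside a received directory are chosen by the server`. The comparison is an exact match against `UnixExtractFileName(FileName)`, so if `FileName` can carry a mask or differ in case from what the server returns, legitimate transfers would be rejected; this needs confirming against the callers, which are not visible here. `SCPError(..., False)` presumably raises before `FullFileName` is assigned, and a regression test with a stub server that answers with a different name would pin that behaviour. SCPSink's body starts and ends outside this hunk.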

+ 1 - 0
source/resource/TextsCore.h

@@ -270,6 +270,7 @@
 #define S3_STATUS_ACCESS_DENIED 746
 #define UNKNOWN_FILE_ENCRYPTION 747
 #define INVALID_ENCRYPT_KEY     748
+#define UNREQUESTED_FILE        749
 
 #define CORE_CONFIRMATION_STRINGS 300
 #define CONFIRM_PROLONG_TIMEOUT3 301

+ 1 - 0
source/resource/TextsCore1.rc

@@ -241,6 +241,7 @@ BEGIN
   MISSING_TARGET_BUCKET, "Specify target bucket."
   UNKNOWN_FILE_ENCRYPTION, "File is not encrypted using a known encryption."
   INVALID_ENCRYPT_KEY, "**Invalid encryption key.**\n\nEncryption key for %s encryption must have %d bytes. It must be entered in hexadecimal representation (i.e. %d characters)."
+  UNREQUESTED_FILE, "Server sent a file that was not requested."
 
   CORE_CONFIRMATION_STRINGS, "CORE_CONFIRMATION"
   CONFIRM_PROLONG_TIMEOUT3, "Host is not communicating for %d seconds.\n\nWait for another %0:d seconds?"