path traversal fix

1 files changed, 12 insertions, 0 deletions

diff --git a/lib/_ak_settings b/lib/_ak_settings
index 500b34f..1a4be03 100755
--- a/lib/_ak_settings
+++ b/lib/_ak_settings
@@ -12,6 +12,12 @@ _ak_settings_get(){
             _ak_log_error "No ungrouped settings allowed"
             exit 1
         fi
+        echo $1 | grep '\.\.' > /dev/null 2>&1
+        if [ $? -eq 0 ]
+        then
+            _ak_log_error "No '..' allowed"
+            exit 1
+        fi
         subset="$(echo $1 | cut -d '.' -f 1)"
         echo "$subset" | grep '[.\-\*/~!@#$%^&*()_=\-\>\<,{}[]]' > /dev/null 2>&1
         if [ $? -eq 0 ]
@@ -50,6 +56,12 @@ _ak_settings_get(){
 _ak_settings_set(){
     if [ ! -z "$1" ] && [ -n "$1" ]
     then
+        echo $1 | grep '\.\.' > /dev/null 2>&1
+        if [ $? -eq 0 ]
+        then
+            _ak_log_error "No '..' allowed"
+            exit 1
+        fi
         if [ ! -z "$2" ] && [ -n "$2" ]
         then
             cd $AK_SETTINGS