From a32f9ab57ce918bcb215f4037cc61798aac42498 Mon Sep 17 00:00:00 2001
From: kaotisk <kaotisk@arching-kaos.org>
Date: Sun, 21 Jul 2024 08:38:41 +0300
Subject: path traversal fix

---
 lib/_ak_settings | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lib/_ak_settings b/lib/_ak_settings
index 500b34f..1a4be03 100755
--- a/lib/_ak_settings
+++ b/lib/_ak_settings
@@ -12,6 +12,12 @@ _ak_settings_get(){
             _ak_log_error "No ungrouped settings allowed"
             exit 1
         fi
+        echo $1 | grep '\.\.' > /dev/null 2>&1
+        if [ $? -eq 0 ]
+        then
+            _ak_log_error "No '..' allowed"
+            exit 1
+        fi
         subset="$(echo $1 | cut -d '.' -f 1)"
         echo "$subset" | grep '[.\-\*/~!@#$%^&*()_=\-\>\<,{}[]]' > /dev/null 2>&1
         if [ $? -eq 0 ]
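Review bot: The added guard `echo $1 | grep '\.\.'` tests an unquoted expansion, so what grep sees has already been through word splitting and pathname expansion (and `echo` may swallow a leading `-n`/`-e`); the check is therefore not made on the key exactly as the caller passed it. Matching the raw value removes that ambiguity and the extra processes: `case "$1" in *..*) _ak_log_error "No '..' allowed"; exit 1 ;; esac`. The same lines are added to `_ak_settings_set` in the second hunk and need the same change. Rejecting `..` is also only a denylist; if the key is later turned into a path under `$AK_SETTINGS` (not visible in this hunk), an allowlist of permitted key characters would be the stronger check. `_ak_settings_get` starts and ends outside the hunk.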
@@ -50,6 +56,12 @@ _ak_settings_get(){
 _ak_settings_set(){
     if [ ! -z "$1" ] && [ -n "$1" ]
     then
+        echo $1 | grep '\.\.' > /dev/null 2>&1
+        if [ $? -eq 0 ]
+        then
+            _ak_log_error "No '..' allowed"
+            exit 1
+        fi
         if [ ! -z "$2" ] && [ -n "$2" ]
         then
             cd $AK_SETTINGS
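Review bot: `cd $AK_SETTINGS` on the last context line is unquoted and, as far as the hunk shows, its exit status is not checked. If the variable is empty or the directory is missing, the function would carry on in some other working directory, and the key validated above would be resolved relative to that instead of the settings tree. `cd "$AK_SETTINGS" || exit 1`, with an `_ak_log_error` call as in the surrounding code, keeps the write confined to the intended directory. The body of `_ak_settings_set` continues past the end of the hunk, so a status check may follow this line; worth confirming.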
-- 
cgit v1.2.3