From a32f9ab57ce918bcb215f4037cc61798aac42498 Mon Sep 17 00:00:00 2001
From: kaotisk
Date: Sun, 21 Jul 2024 08:38:41 +0300
Subject: path traversal fix
---
 lib/_ak_settings | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'lib/_ak_settings')
diff --git a/lib/_ak_settings b/lib/_ak_settings
index 500b34f..1a4be03 100755
--- a/lib/_ak_settings
+++ b/lib/_ak_settings
@@ -12,6 +12,12 @@ _ak_settings_get(){
 _ak_log_error "No ungrouped settings allowed"
 exit 1
 fi
+ echo $1 | grep '\.\.' > /dev/null 2>&1
+ if [ $? -eq 0 ]
+ then
+ _ak_log_error "No '..' allowed"
+ exit 1
+ fi
 subset="$(echo $1 | cut -d '.' -f 1)"
 echo "$subset" | grep '[.\-\*/~!@#$%^&*()_=\-\>\<,{}[]]' > /dev/null 2>&1
 if [ $? -eq 0 ]
@@ -50,6 +56,12 @@ _ak_settings_get(){
 _ak_settings_set(){
 if [ ! -z "$1" ] && [ -n "$1" ]
 then
+ echo $1 | grep '\.\.' > /dev/null 2>&1
+ if [ $? -eq 0 ]
+ then
+ _ak_log_error "No '..' allowed"
+ exit 1
+ fi
 if [ ! -z "$2" ] && [ -n "$2" ]
 then
 cd $AK_SETTINGS
--
cgit v1.2.3
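Review bot: The new guard in `_ak_settings_get` passes `$1` unquoted to `echo`, so the key is word-split and glob-expanded before `grep` sees it, and a value such as `-n` is taken by `echo` as an option; the identical lines added to `_ak_settings_set` in the next hunk have the same problem. A `case "$1" in *..*) _ak_log_error "No '..' allowed"; exit 1 ;; esac` tests the raw string and needs no subprocess. Separately, the character filter on the context line just below seems to close its bracket expression at the first `]` (inside `{}[]]`), so it may only match a listed character that is followed by a literal `]`. If that reading is right, `/` is not actually rejected there and this `..` test is the only path check in effect, which is worth confirming. The function body continues outside the hunk.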
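Review bot: In `_ak_settings_set` the only validation visible before `cd $AK_SETTINGS` is this `..` deny-list, so a key that contains `/` or begins with `/` still passes the added check; whether a later line rejects it cannot be seen, because the function continues outside the hunk. If keys are meant to be dot-separated names, an allow-list is tighter than enumerating bad sequences, for example `case "$1" in *[!A-Za-z0-9.]*|*..*) _ak_log_error "Invalid settings key"; exit 1 ;; esac`, with the character set adjusted to whatever the project permits. Since both functions need the same rule, a shared helper (the name `_ak_settings_validate_key` is a suggestion, not an existing function) would keep the two copies from drifting apart.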