nicoeri/filebrowser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

secure filename in webvtt regex against accidental evaluation

Browse Source 
Co-authored-by: Ramires Viana <59319979+ramiresviana@users.noreply.github.com>
This commit is contained in:
Mazen Besher 2021-12-20 13:51:59 +01:00 committed by GitHub
parent d1b4d54ccf
commit 39abd1da6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
files/file.go
View File

@ -279,7 +279,7 @@ func (i *FileInfo) detectSubtitles() {
dir, err := afs.ReadDir(parentDir)
if err == nil {
base := strings.TrimSuffix(i.Name, ext)
r := regexp.MustCompile(base + `\.(.*\.)?vtt`)
r := regexp.MustCompile("^" + regexp.QuoteMeta(base) + `\.(.*\.)?vtt$`)
for _, f := range dir {
if !f.IsDir() {
if matches := r.FindStringSubmatch(f.Name()); len(matches) == 2 {