Skip to content

Commit

Permalink
Merge pull request #1 from mradigen/main
Browse files Browse the repository at this point in the history
Improve escapeSpecialCharacters to prevent arbitrary code execution
  • Loading branch information
nots1dd authored Jul 8, 2024
2 parents 0048782 + a7a4e56 commit 65f7970
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions headers/src/lmus_cache.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,8 @@ string getFileNameFromInode(const string& inode) {
string escapeSpecialCharacters(const string& fileName) {
string escapedFileName;
for (char c : fileName) {
if (c == '$' || c == '#') {
escapedFileName += '\\'; // Add a backslash before special characters
if (c == '\'') {
escapedFileName += "'\"'\"'"; // Add a backslash before special characters
}
escapedFileName += c;
}
Expand All @@ -80,7 +80,7 @@ void storeMetadataJSON(const string& inode, const string& fileName, json& artist
string escapedFileName = escapeSpecialCharacters(fileName);

// Construct the ffprobe command with the escaped filename
string metadataCmd = "ffprobe -v quiet -print_format json -show_format \"" + escapedFileName + "\"";
string metadataCmd = "ffprobe -v quiet -print_format json -show_format '" + escapedFileName + "'";
string metadataInfo = executeCommand(metadataCmd);

auto metadata = json::parse(metadataInfo);
Expand Down

0 comments on commit 65f7970

Please sign in to comment.