forked from ChomeNS/chomens-bot-java
fix exploit with ////
in music list
This commit is contained in:
parent
5b403dc9ca
commit
d43ef39b08
1 changed files with 10 additions and 7 deletions
|
@ -368,12 +368,10 @@ public class MusicCommand extends Command {
|
|||
|
||||
final String stringPathIfExists = context.getString(true, false);
|
||||
|
||||
final Path path = (stringPathIfExists.isEmpty()) ?
|
||||
root :
|
||||
Path.of(
|
||||
root.toString(),
|
||||
stringPathIfExists
|
||||
);
|
||||
final Path path = Path.of(
|
||||
root.toString(),
|
||||
stringPathIfExists
|
||||
);
|
||||
|
||||
if (!path.normalize().startsWith(root.toString())) throw new CommandException(Component.text("no"));
|
||||
|
||||
|
@ -395,7 +393,12 @@ public class MusicCommand extends Command {
|
|||
location = Paths.get(""); // wtf mabe
|
||||
}
|
||||
|
||||
final String joinedPath = stringPathIfExists.isEmpty() ? eachPath.getFileName().toString() : Paths.get(location.getFileName().toString(), eachPath.getFileName().toString()).toString();
|
||||
final String joinedPath = location.equals(root) ?
|
||||
eachPath.getFileName().toString() :
|
||||
Paths.get(
|
||||
location.getFileName().toString(),
|
||||
eachPath.getFileName().toString()
|
||||
).toString();
|
||||
|
||||
fullList.add(
|
||||
Component
|
||||
|
|
Loading…
Reference in a new issue