aaa/chomens-bot-java
1
0
Fork 0
forked from ChomeNS/chomens-bot-java
Code Pull requests Activity

fix exploit with //// in music list

Browse source
This commit is contained in:
Chayapak 2023-10-16 09:05:23 +07:00
parent 5b403dc9ca
commit d43ef39b08
1 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/main/java/land/chipmunk/chayapak/chomens_bot/commands/MusicCommand.java
View file

@ -368,12 +368,10 @@ public class MusicCommand extends Command {
final String stringPathIfExists = context.getString(true, false); final String stringPathIfExists = context.getString(true, false);
final Path path = (stringPathIfExists.isEmpty()) ? final Path path = Path.of(
root : root.toString(),
Path.of( stringPathIfExists
root.toString(), );
stringPathIfExists
);
if (!path.normalize().startsWith(root.toString())) throw new CommandException(Component.text("no")); if (!path.normalize().startsWith(root.toString())) throw new CommandException(Component.text("no"));
@ -395,7 +393,12 @@ public class MusicCommand extends Command {
location = Paths.get(""); // wtf mabe location = Paths.get(""); // wtf mabe
} }
final String joinedPath = stringPathIfExists.isEmpty() ? eachPath.getFileName().toString() : Paths.get(location.getFileName().toString(), eachPath.getFileName().toString()).toString(); final String joinedPath = location.equals(root) ?
eachPath.getFileName().toString() :
Paths.get(
location.getFileName().toString(),
eachPath.getFileName().toString()
).toString();
fullList.add( fullList.add(
Component Component