diff options
| author | Xe Iaso <me@xeiaso.net> | 2025-03-03 07:26:19 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-03 07:26:19 -0500 |
| commit | b59951e60aa80d9ab08312f6e83353ba81274143 (patch) | |
| tree | f349396392bf96046b292d4f9ca8a1658cf369c0 | |
| parent | 4f518f6164d0f91c6970ed0d3b1b2e9a9a3eda2a (diff) | |
| download | x-alert-autofix-9.tar.xz x-alert-autofix-9.zip | |
Update cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.goalert-autofix-9
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
| -rw-r--r-- | cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go b/cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go index ad1a0b2..b49f151 100644 --- a/cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go +++ b/cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go @@ -88,7 +88,13 @@ func (m *Module) heic2jpeg(s *discordgo.Session, mc *discordgo.MessageCreate) { } fname := filepath.Join(dir, baseName) absPath, err := filepath.Abs(fname) - if err != nil || !strings.HasPrefix(absPath, dir) { + if err != nil { + s.ChannelMessageSend(mc.ChannelID, "invalid file path") + slog.Error("invalid file path", "path", absPath) + return + } + relPath, err := filepath.Rel(dir, absPath) + if err != nil || strings.HasPrefix(relPath, "..") { s.ChannelMessageSend(mc.ChannelID, "invalid file path") slog.Error("invalid file path", "path", absPath) return |