| -rw-r--r-- | cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go b/cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go
index ad1a0b2..b49f151 100644
--- a/cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go
+++ b/cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go
@@ -88,7 +88,13 @@ func (m *Module) heic2jpeg(s *discordgo.Session, mc *discordgo.MessageCreate) {
 }
 fname := filepath.Join(dir, baseName)
 absPath, err := filepath.Abs(fname)
- if err != nil || !strings.HasPrefix(absPath, dir) {
+ if err != nil {
+ s.ChannelMessageSend(mc.ChannelID, "invalid file path")
+ slog.Error("invalid file path", "path", absPath)
+ return
+ }
+ relPath, err := filepath.Rel(dir, absPath)
+ if err != nil || strings.HasPrefix(relPath, "..") {
 s.ChannelMessageSend(mc.ChannelID, "invalid file path")
 slog.Error("invalid file path", "path", absPath)
 return |
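Review bot: In the new `filepath.Abs` error branch the log call passes `absPath`, which is empty when Abs fails, and drops `err`, so a rejected attachment leaves no usable trace for whoever investigates it; log the input instead, `slog.Error("invalid file path", "path", fname, "err", err)`. The `filepath.Rel` check that follows is the right shape for containment, but `strings.HasPrefix(relPath, "..")` also rejects a legitimate name such as `..photo.heic`; matching whole path elements, `relPath == ".." || strings.HasPrefix(relPath, ".."+string(filepath.Separator))`, limits the rejection to real parent references. Both checks are lexical, so they say nothing about a symlink inside `dir`; whether that matters depends on how `dir` is created, which is outside this hunk. The body of heic2jpeg starts and ends outside the hunk.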
