diff options
author | stuebinm | 2021-12-21 13:42:28 +0100 |
---|---|---|
committer | stuebinm | 2021-12-21 13:42:28 +0100 |
commit | 5970aaec26b95b2023b5823a7af89645a11b04a4 (patch) | |
tree | e40e861b8a63b9d1022235570e7ba276f79c1a98 | |
parent | 3a9af9322c1348b03034b80fb11b5a22e3b811a2 (diff) |
disallow double courly braces
as per yesterday's discussion about extended scripting variables
-rw-r--r-- | lib/Paths.hs | 2 | ||||
-rw-r--r-- | lib/Uris.hs | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/lib/Paths.hs b/lib/Paths.hs index d2861eb..b9b0d50 100644 --- a/lib/Paths.hs +++ b/lib/Paths.hs @@ -30,7 +30,7 @@ data PathResult = OkRelPath RelPath -- | horrible regex parsing for filepaths that is hopefully kinda safe parsePath :: Text -> PathResult parsePath text = - if | text =~ ("{{{.*}}}" :: Text) -> PathVarsDisallowed + if | T.isInfixOf "{{" text || T.isInfixOf "}}" text -> PathVarsDisallowed | rest =~ ("^([^/]*[^\\./]/)*[^/]*[^\\./]$" :: Text) -> OkRelPath (Path up path fragment) | "/_/" `isPrefixOf` text -> UnderscoreMapLink | "/@/" `isPrefixOf` text -> AtMapLink diff --git a/lib/Uris.hs b/lib/Uris.hs index e2d9a5f..24ddd93 100644 --- a/lib/Uris.hs +++ b/lib/Uris.hs @@ -18,6 +18,7 @@ import Data.Either.Combinators (maybeToRight) import Data.Map.Strict (Map) import qualified Data.Map.Strict as M import Data.Text (Text, pack) +import qualified Data.Text as T import GHC.Generics (Generic) import GHC.TypeLits (KnownSymbol, symbolVal) import Text.Regex.TDFA ((=~)) @@ -66,7 +67,7 @@ data SubstError = applySubst :: KnownSymbol s => Proxy s -> SchemaSet -> Text -> Either SubstError Text applySubst s substs uri = do - when (uri =~ "{{{.*}}}") + when (T.isInfixOf (pack "{{") uri || T.isInfixOf (pack "}}") uri) $ Left VarsDisallowed (schema, domain, rest) <- note NotALink $ parseUri uri |