diff options
author | stuebinm | 2021-12-20 00:15:08 +0100 |
---|---|---|
committer | stuebinm | 2021-12-20 00:15:08 +0100 |
commit | 5060f68b9728bf94818ee985c16c25511f248143 (patch) | |
tree | bc1f938be559c5e9c723c18211888db618f2607d /lib/Paths.hs | |
parent | fc9f714d03a9d018ab9f2474affcf995eb60a4e2 (diff) |
disallow extended API variables in links
Diffstat (limited to '')
-rw-r--r-- | lib/Paths.hs | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/Paths.hs b/lib/Paths.hs index f72874f..d2861eb 100644 --- a/lib/Paths.hs +++ b/lib/Paths.hs @@ -20,12 +20,18 @@ data RelPath = Path Int Text (Maybe Text) -data PathResult = OkRelPath RelPath | AbsolutePath | NotAPath | UnderscoreMapLink | AtMapLink +data PathResult = OkRelPath RelPath + | AbsolutePath + | NotAPath + | UnderscoreMapLink + | AtMapLink + | PathVarsDisallowed -- | horrible regex parsing for filepaths that is hopefully kinda safe parsePath :: Text -> PathResult parsePath text = - if | rest =~ ("^([^/]*[^\\./]/)*[^/]*[^\\./]$" :: Text) -> OkRelPath (Path up path fragment) + if | text =~ ("{{{.*}}}" :: Text) -> PathVarsDisallowed + | rest =~ ("^([^/]*[^\\./]/)*[^/]*[^\\./]$" :: Text) -> OkRelPath (Path up path fragment) | "/_/" `isPrefixOf` text -> UnderscoreMapLink | "/@/" `isPrefixOf` text -> AtMapLink | "/" `isPrefixOf` text -> AbsolutePath |