From 5970aaec26b95b2023b5823a7af89645a11b04a4 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Tue, 21 Dec 2021 13:42:28 +0100
Subject: disallow double courly braces

as per yesterday's discussion about extended scripting variables
---
 lib/Paths.hs | 2 +-
 lib/Uris.hs  | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/Paths.hs b/lib/Paths.hs
index d2861eb..b9b0d50 100644
--- a/lib/Paths.hs
+++ b/lib/Paths.hs
@@ -30,7 +30,7 @@ data PathResult = OkRelPath RelPath
 -- | horrible regex parsing for filepaths that is hopefully kinda safe
 parsePath :: Text -> PathResult
 parsePath text =
-  if | text =~ ("{{{.*}}}" :: Text) -> PathVarsDisallowed
+  if | T.isInfixOf "{{" text || T.isInfixOf "}}" text -> PathVarsDisallowed
      | rest =~ ("^([^/]*[^\\./]/)*[^/]*[^\\./]$" :: Text) -> OkRelPath (Path up path fragment)
      | "/_/" `isPrefixOf` text ->  UnderscoreMapLink
      | "/@/" `isPrefixOf` text ->  AtMapLink
diff --git a/lib/Uris.hs b/lib/Uris.hs
index e2d9a5f..24ddd93 100644
--- a/lib/Uris.hs
+++ b/lib/Uris.hs
@@ -18,6 +18,7 @@ import           Data.Either.Combinators (maybeToRight)
 import           Data.Map.Strict         (Map)
 import qualified Data.Map.Strict         as M
 import           Data.Text               (Text, pack)
+import qualified Data.Text as T
 import           GHC.Generics            (Generic)
 import           GHC.TypeLits            (KnownSymbol, symbolVal)
 import           Text.Regex.TDFA         ((=~))
@@ -66,7 +67,7 @@ data SubstError =
 applySubst :: KnownSymbol s
   => Proxy s -> SchemaSet -> Text -> Either SubstError Text
 applySubst s substs uri =  do
-  when (uri =~ "{{{.*}}}")
+  when (T.isInfixOf (pack "{{") uri || T.isInfixOf (pack "}}") uri)
    $ Left VarsDisallowed
   (schema, domain, rest) <- note NotALink $ parseUri uri
 
-- 
cgit v1.2.3