fix security issue with favorites

2022-11-23 23:45:48 -05:00
parent 47919cfb4b
commit 76d0720727
2 changed files with 14 additions and 6 deletions
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-favorite/commit-add-folder.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-favorite/commit-add-folder.js
@@ -14,17 +14,17 @@ if (foldername)
 	{
 		if (folder_array.length < minisrv_config.services[service_name].max_folders)
 		{
-			//if (session_data.favstore.checkFolderName(foldername) == true)
+			if (session_data.favstore.checkFolderName(foldername) == true)
-			//{
+			{
 				session_data.favstore.createFolder(foldername);
 				headers = `300 OK
 Connection: Keep-Alive
 Content-Type: text/html
 Location: wtv-favorite:/favorite
 wtv-expire-all: wtv-favorite:`
-			//} else {
+			} else {
-			//	headers = `400 That folder name is not valid. Choose a different name and try again.`
+				headers = `400 That folder name is not valid. Choose a different name and try again.`
-			//}
+			}
 		} else {
 			headers = `400 You can only have ${minisrv_config.services[service_name].max_folders} folders at one time. Delete some folders and try again.`
 		}
--- a/zefie_wtvp_minisrv/includes/WTVFavorites.js
+++ b/zefie_wtvp_minisrv/includes/WTVFavorites.js
@@ -75,6 +75,14 @@ class WTVFavorites {
        return store_dir;
 	}
 	checkFolderName(foldername) {
 		var regex_str = "^([A-Za-z0-9\-\_]{1,}$";
 		var regex = new RegExp(regex_str);
 		return regex.test(foldername);
 	}
 	createTemplateFolder(folder) {
 		// create emply folder
 		this.createFolder(folder)