fix security issue with favorites

zefie_wtvp_minisrv/ServiceVault/wtv-favorite/commit-add-folder.js

@@ -14,17 +14,17 @@ if (foldername)
 	{
 		if (folder_array.length < minisrv_config.services[service_name].max_folders)
 		{
-			//if (session_data.favstore.checkFolderName(foldername) == true)
+			if (session_data.favstore.checkFolderName(foldername) == true)
-			//{
+			{
 				session_data.favstore.createFolder(foldername);
 				headers = `300 OK
 Connection: Keep-Alive
 Content-Type: text/html
 Location: wtv-favorite:/favorite
 wtv-expire-all: wtv-favorite:`
-			//} else {
+			} else {
-			//	headers = `400 That folder name is not valid. Choose a different name and try again.`
+				headers = `400 That folder name is not valid. Choose a different name and try again.`
-			//}
+			}
 		} else {
 			headers = `400 You can only have ${minisrv_config.services[service_name].max_folders} folders at one time. Delete some folders and try again.`
 		}

zefie_wtvp_minisrv/includes/WTVFavorites.js

@@ -73,7 +73,15 @@ class WTVFavorites {
             var store_dir = this.favstore_dir + folder_dir;
         }
         return store_dir;
-    }
+	}
+
+
+	checkFolderName(foldername) {
+		var regex_str = "^([A-Za-z0-9\-\_]{1,}$";
+		var regex = new RegExp(regex_str);
+		return regex.test(foldername);
+	}
+
 	
 	createTemplateFolder(folder) {
 		// create emply folder