aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBas Alberts <bas@anti.computer>2022-12-22 22:43:23 -0500
committermarty hiatt <martianhiatus [a t] riseup [d o t] net>2022-12-24 13:54:50 +1100
commitc8044cfdeaac2a43f4a7c25cbb8e6e2c32307a5c (patch)
tree9819a254b62b9249614778d7b03a2fa62c1aca14
parent23413553a65a9749dcf8dfe9090722262b8755df (diff)
further harden custom emoji regex filtering
Prevent empty string shortcodes from creating dotfiles inside the custom emoji download dir to prevent e.g. ".envrc" and other such contextual dotfiles from being created in the legitimate download location.
-rw-r--r--lisp/mastodon-toot.el4
1 files changed, 2 insertions, 2 deletions
diff --git a/lisp/mastodon-toot.el b/lisp/mastodon-toot.el
index 66e6e91..7ca9fce 100644
--- a/lisp/mastodon-toot.el
+++ b/lisp/mastodon-toot.el
@@ -614,8 +614,8 @@ To use the downloaded emoji, run `mastodon-toot--enable-custom-emoji'."
(shortcode (alist-get 'shortcode x)))
;; skip anything that contains unexpected characters
(when (and url shortcode
- (string-match-p "^[a-zA-Z0-9-_]*$" shortcode)
- (string-match-p "^[a-zA-Z]*$" (file-name-extension url)))
+ (string-match-p "^[a-zA-Z0-9-_]+$" shortcode)
+ (string-match-p "^[a-zA-Z]+$" (file-name-extension url)))
(url-copy-file url
(concat
mastodon-custom-emoji-dir