From e03888d5877e04cb1f4575099eda54d9c009ca3a Mon Sep 17 00:00:00 2001 From: Romain Vimont Date: Sat, 14 Sep 2024 21:21:48 +0200 Subject: [PATCH] Reject arguments containing new line characters Refs bec3321fff4c6dc3b3dbc61fdc6fd98913988a78 --- app/src/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/src/server.c b/app/src/server.c index e94fcce8..90a0ac5d 100644 --- a/app/src/server.c +++ b/app/src/server.c @@ -225,7 +225,7 @@ validate_string(const char *s) { // special shell characters. // Since they are not properly escaped on Windows anyway (see // sys/win/process.c), just forbid special shell characters. - if (strpbrk(s, " ;'\"*$?&`#\\|<>[]{}()!~")) { + if (strpbrk(s, " ;'\"*$?&`#\\|<>[]{}()!~\r\n")) { LOGE("Invalid server param: [%s]", s); return false; }