From 882a6917bc4438c7d49c2511b03b634fd25d4f39 Mon Sep 17 00:00:00 2001
From: Leah Rowe
Date: Sun, 7 Sep 2025 14:06:57 +0100
Subject: lib/init.sh: sanitize the version string the release functions in release.sh rely on the version string *not* being a path containing slashes. just a single string e.g. "foo", not e.g. "foo/bar" this is because several checks there make that assumption. in practise, we always ensure that tags and such do not contain these characters. however, someone else working on their own version of xbmk might not know of this design flaw, so let's try to correct it in code. we can add more filtering as designed, in the relevant function (xbmk_sanitize_version).
Signed-off-by: Leah Rowe
---
 include/init.sh | 2 ++
 include/lib.sh | 16 ++++++++++++++++
 2 files changed, 18 insertions(+)
(limited to 'include')
diff --git a/include/init.sh b/include/init.sh
index 03c45c1a..264e98df 100644
--- a/include/init.sh
+++ b/include/init.sh
@@ -60,6 +60,8 @@ xbmk_get_version()
 [ ! -e ".git" ] && [ ! -f ".version" ] && version="unknown"
 [ ! -e ".git" ] && [ ! -f ".versiondate" ] && versiondate="1716415872"
+ xbmk_sanitize_version
+
 [ -n "$version" ] && relname="$projectname-$version"; :
 }
diff --git a/include/lib.sh b/include/lib.sh
index 948d7f3f..a2b93a97 100644
--- a/include/lib.sh
+++ b/include/lib.sh
@@ -22,10 +22,26 @@ mkrom_tarball()
 update_xbmkver()
 {
+ xbmk_sanitize_version
+
 printf "%s\n" "$version" > "$1/.version" || err "$1 !version"; :
 printf "%s\n" "$versiondate" > "$1/.versiondate" || err "$1 !vdate"; :
 }
+xbmk_sanitize_version()
+{
+ [ -n "$version" ] || return 0; :
+
+ version="`printf "%s\n" "$version" | sed -e 's/\t//g'`"
+ version="`printf "%s\n" "$version" | sed -e 's/\ //g'`"
+ version="`printf "%s\n" "$version" | sed -e 's/\.\.//g'`"
+ version="`printf "%s\n" "$version" | sed -e 's/\.\///g'`"
+ version="`printf "%s\n" "$version" | sed -e 's/\//-/g'`"
+ version="${version#-}"
+
+ [ -n "$version" ] || err "'version' empty after sanitization"; :
+}
+
 mktarball()
 {
 printf "Creating tar archive '%s' from directory '%s'\n" "$2" "$1"
-- cgit v1.2.1
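Review bot: xbmk_sanitize_version filters by deny-list, so after its five sed passes and the single `${version#-}` strip, input such as newlines or other control characters, a second leading `-` (from `//x`), or a lone `.` (from `/.`) still ends up in `version` and from there in `.version`. An allow-list pass after the existing substitutions would cover the whole class, for example `version="$(printf '%s' "$version" | LC_ALL=C tr -cd 'A-Za-z0-9._-')"` with the set adjusted to the characters real tags use, followed by a check that rejects `.` and a leading `-`. Separately, `\t` inside a sed regular expression is not defined by POSIX and some sed implementations match a literal `t`, which would strip that letter from version strings; `tr -d '\t '` is a portable replacement for the first two pipelines.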