From 473d802aab2183c3ad48cbe3b827d5a95302b753 Mon Sep 17 00:00:00 2001 From: "Kay Marquardt (Gnadelwartz)" Date: Wed, 17 Feb 2021 10:20:45 +0100 Subject: [PATCH] fix checkUploadFile --- bashbot.sh | 7 ++++--- dev/all-tests.sh | 2 +- test/d-send_message-test.sh | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/bashbot.sh b/bashbot.sh index 3633fd4..5c2ab62 100755 --- a/bashbot.sh +++ b/bashbot.sh @@ -30,7 +30,7 @@ BOTCOMMANDS="-h help init start stop status suspendback resumeback killb # 8 - curl/wget missing # 10 - not bash! # -#### $$VERSION$$ v1.45-dev-26-g82a57a7 +#### $$VERSION$$ v1.45-dev-34-gb1e6e0f ################################################################## # are we running in a terminal? @@ -515,8 +515,8 @@ UPLOADDIR="${BASHBOT_UPLOAD:-${DATADIR}/upload}" # return final file name or empty string on error checkUploadFile() { local err file="$2" - [[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 # no directory traversal - if [[ "${file}" = '/'* ]] ; then + [[ "${file}" == *'..'* || "${file}" == '.'* ]] && err=1 # no directory traversal + if [[ "${file}" == '/'* ]] ; then [[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2 # absolute must match REGEX else file="${UPLOADDIR:-NOUPLOADDIR}/${file}" # others must be in UPLOADDIR @@ -537,6 +537,7 @@ checkUploadFile() { [ -n "${BASHBOTDEBUG}" ] && log_debug "$3: CHAT=$1 FILE=$2 MSG=${BOTSENT[DESCRIPTION]}" return 1 fi + printf "%s\n" "${file}" } diff --git a/dev/all-tests.sh b/dev/all-tests.sh index 8151a10..92732e2 100755 --- a/dev/all-tests.sh +++ b/dev/all-tests.sh @@ -5,7 +5,7 @@ # # Description: run all tests, exit after failed test # -#### $$VERSION$$ v1.45-dev-21-ge67e43d +#### $$VERSION$$ v1.45-dev-34-gb1e6e0f ############################################################# #shellcheck disable=SC1090 diff --git a/test/d-send_message-test.sh b/test/d-send_message-test.sh index e55b96b..c9ea4ff 100755 --- a/test/d-send_message-test.sh +++ b/test/d-send_message-test.sh 
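Review bot: The traversal guard at the top of checkUploadFile (the `*'..'*` / `'.'*` test) is purely lexical, so a symlink inside UPLOADDIR, or under a tree that FILE_REGEX permits, could still resolve to a file outside the intended area. Once the final path is built, I would compare canonical paths for the relative case, e.g. `[[ "$(realpath -- "${file}")" == "$(realpath -- "${UPLOADDIR}")"/* ]] || err=1`. The absolute branch is only as strict as FILE_REGEX itself: `=~` matches anywhere in the string unless the pattern is anchored, and its definition is not visible in this hunk. The middle of the function lies between the two hunks and is not shown, so an equivalent check may already exist there.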
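Review bot: With the added `printf "%s\n" "${file}"`, stdout becomes the function's return channel, so the "empty string on error" contract holds only if nothing else in checkUploadFile writes to stdout. The `log_debug` call just before `return 1` is the visible candidate; its definition is not in this patch, so please confirm it logs to a file or stderr. The header comment could state the contract explicitly, e.g. `# prints the validated path on stdout; empty output and non-zero status mean the file was rejected`. The only change to test/d-send_message-test.sh in this commit is a version bump, so a regression test asserting the printed path for an accepted file and empty output for a `..` path would pin the fix.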
@@ -10,7 +10,7 @@ # LICENSE: WTFPLv2 http://www.wtfpl.net/txt/copying/ # AUTHOR: KayM (gnadelwartz), kay@rrr.de # -#### $$VERSION$$ v1.40-0-gf9dab50 +#### $$VERSION$$ v1.45-dev-34-gb1e6e0f #=============================================================================== # include common functions and definitions