fix checkUploadFile

2021-02-17 10:20:45 +01:00 · 2021-02-17 10:20:45 +01:00 · 473d802aab
parent b1e6e0fc50
commit 473d802aab
3 changed files with 6 additions and 5 deletions
--- a/bashbot.sh
+++ b/bashbot.sh
@ -30,7 +30,7 @@ BOTCOMMANDS="-h  help  init  start  stop  status  suspendback  resumeback  killb
 #     8 - curl/wget missing
 #     10 - not bash!
 #
-#### $$VERSION$$ v1.45-dev-26-g82a57a7
+#### $$VERSION$$ v1.45-dev-34-gb1e6e0f
 ##################################################################
 # are we running in a terminal?
@ -515,8 +515,8 @@ UPLOADDIR="${BASHBOT_UPLOAD:-${DATADIR}/upload}"
 # return final file name or empty string on error
 checkUploadFile() {
 	local err file="$2"
-	[[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 	# no directory traversal
+	[[ "${file}" == *'..'* || "${file}" == '.'* ]] && err=1 	# no directory traversal
-	if [[ "${file}" = '/'* ]] ; then
+	if [[ "${file}" == '/'* ]] ; then
 		[[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2	# absolute must match REGEX
 	else
 		file="${UPLOADDIR:-NOUPLOADDIR}/${file}"	# others must be in UPLOADDIR
@ -537,6 +537,7 @@ checkUploadFile() {
 	    [ -n "${BASHBOTDEBUG}" ] && log_debug "$3: CHAT=$1 FILE=$2 MSG=${BOTSENT[DESCRIPTION]}"
 	    return 1
 	fi
 	printf "%s\n" "${file}"
 }
--- a/dev/all-tests.sh
+++ b/dev/all-tests.sh
@ -5,7 +5,7 @@
 #
 # Description: run all tests, exit after failed test
 #
-#### $$VERSION$$ v1.45-dev-21-ge67e43d
+#### $$VERSION$$ v1.45-dev-34-gb1e6e0f
 #############################################################
 #shellcheck disable=SC1090
--- a/test/d-send_message-test.sh
+++ b/test/d-send_message-test.sh
@ -10,7 +10,7 @@
 #	LICENSE: WTFPLv2 http://www.wtfpl.net/txt/copying/
 #        AUTHOR: KayM (gnadelwartz), kay@rrr.de
 #
-#### $$VERSION$$ v1.40-0-gf9dab50
+#### $$VERSION$$ v1.45-dev-34-gb1e6e0f
 #===============================================================================
 # include common functions and definitions