Disallow empty name, . and .. for html/rss names and html chapters

3 files changed, 22 insertions, 3 deletions

diff --git a/automedia b/automedia
index c6ddbc3..5ec4454 100755
--- a/automedia
+++ b/automedia
diff --git a/src/html.c b/src/html.c
index 5a559e1..bd41611 100644
--- a/src/html.c
+++ b/src/html.c
@@ -86,6 +86,7 @@ static int url_extract_domain(const char *url, char *domain, int domain_len) {
 typedef int (*PluginListCallback)(const char *name, const char *url, void *userdata);
 static cJSON* plugin_list(char *plugin_filepath, const char *url, cJSON *downloaded_items, PluginListCallback callback, void *userdata) {
     int result;
+    cJSON *json_root = NULL;
     Buffer buffer;
     buffer_init(&buffer);
 
@@ -129,7 +130,7 @@ static cJSON* plugin_list(char *plugin_filepath, const char *url, cJSON *downloa
         goto err_cleanup;
     }
 
-    cJSON *json_root = cJSON_ParseWithLength(buffer.data, buffer.size);
+    json_root = cJSON_ParseWithLength(buffer.data, buffer.size);
     if(!json_root) {
         fprintf(stderr, "Failed to load plugin %s list output as json\n", basename(plugin_filepath));
         goto err_cleanup;
@@ -138,7 +139,6 @@ static cJSON* plugin_list(char *plugin_filepath, const char *url, cJSON *downloa
 
     if(!cJSON_IsArray(json_root)) {
         fprintf(stderr, "Failed to load plugin %s list output as json\n", basename(plugin_filepath));
-        cJSON_Delete(json_root);
         goto err_cleanup;
     }
 
@@ -156,13 +156,21 @@ static cJSON* plugin_list(char *plugin_filepath, const char *url, cJSON *downloa
         char *name = name_json->valuestring;
         string_replace(name, '/', '_');
         name = strip(name);
+
+        if(name[0] == '\0' || strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
+            fprintf(stderr, "Listing html chapter gave a chapter with an invalid name. The chapter name can't be empty, . or ..\n");
+            goto err_cleanup;
+        }
+
         if(callback(name, url_json->valuestring, userdata) != 0)
-            break;
+            goto err_cleanup;
     }
 
     return json_root;
 
     err_cleanup:
+    if(json_root)
+        cJSON_Delete(json_root);
     buffer_deinit(&buffer);
     return NULL;
 }
@@ -246,6 +254,11 @@ int add_html(const char *name, const char *url, char *html_config_dir, char *pro
         return -1;
     }
 
+    if(strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
+        fprintf(stderr, "Html name can't be . or ..\n");
+        return -1;
+    }
+
     char domain[2086];
     if(looks_like_mangadex_id(url)) {
         strcpy(domain, "mangadex");
diff --git a/src/rss.c b/src/rss.c
index 0118761..cc31610 100644
--- a/src/rss.c
+++ b/src/rss.c
@@ -372,6 +372,12 @@ int add_rss(const char *name, char *url, char *rss_config_dir, const char *start
         name = stripped_rss_title;
     }
 
+    if(name[0] == '\0' || strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
+        fprintf(stderr, "Rss name can't be empty, . or ..\n");
+        result = -1;
+        goto cleanup;
+    }
+
     char *rss_tracked_dir = rss_config_dir;
     strcat(rss_tracked_dir, "/tracked/");
     strcat(rss_tracked_dir, name);