Hardened the help command against escaping its directory.

dev
pocketjawa 2018-03-04 22:09:00 -05:00
parent 5095a254aa
commit 87b7a15c5a
1 changed files with 1 additions and 1 deletions

View File

@ -83,7 +83,7 @@ def on_message(message):
if (command is '' ): if (command is '' ):
helpfile = open(cwd + "/helpcommand.txt","r") helpfile = open(cwd + "/helpcommand.txt","r")
yield from client.send_message(message.channel, helpfile.read()) yield from client.send_message(message.channel, helpfile.read())
elif os.path.isfile(cwd + "/helptext/" + command): elif re.match("^[A-Za-z0-9_-]*$", command) and os.path.isfile(cwd + "/helptext/" + command):
commandhelp = open(cwd + "/helptext/" + command,"r") commandhelp = open(cwd + "/helptext/" + command,"r")
yield from client.send_message(message.channel, commandhelp.read()) yield from client.send_message(message.channel, commandhelp.read())
else: else: