author | William Wilgus <wilgus.william@gmail.com> | 2024-12-20 22:59:03 -0500 |
---|---|---|
committer | William Wilgus <wilgus.william@gmail.com> | 2024-12-20 22:59:03 -0500 |
commit | 9c477e84ffcb1f03737c132fad9f8dccdcbfdd85 (patch) | |
tree | 1bedd642ede3d42013e1df273669415f7abcc840 | |
parent | 774357e722a007a5d036528b7044f202289030d4 (diff) | |
[Bugfix] %ft has access to the root of the drive using /
path_append treats a path starting with / as absolute,
allowing escape by themes
Change-Id: I8e5fb55f01cacd5ec0fc5538d92dfcfbdceb6892
-rw-r--r-- | apps/gui/skin_engine/skin_parser.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/gui/skin_engine/skin_parser.c b/apps/gui/skin_engine/skin_parser.c
index b012673aa7..1397f0b41c 100644
--- a/apps/gui/skin_engine/skin_parser.c
+++ b/apps/gui/skin_engine/skin_parser.c
@@ -1357,6 +1357,10 @@ static int parse_filetext(struct skin_element *element,
 __func__, filename, element->params_count);
 return WPS_ERROR_INVALID_PARAM;
 }
+
+ while(*filename == PATH_SEPCH) /* no absolute paths! */
+ filename++;
+
 path_append(buf, ROCKBOX_DIR, filename, sizeof(buf));
 DEBUGF("%s %s[%d]\n", __func__, buf, line); |
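Review bot: The added loop before `path_append` strips only leading `PATH_SEPCH` characters, so a relative name that contains parent-directory components is still joined onto `ROCKBOX_DIR` unchanged. Whether `path_append` or the later open normalises or rejects such components is not visible in this hunk and should be confirmed. If neither does, refuse them here as the invalid-parameter branch above does, for example `if (strstr(filename, "..")) return WPS_ERROR_INVALID_PARAM;` (coarse, since it also refuses names that merely contain two dots), or check after the join that `buf` still resolves under `ROCKBOX_DIR`. The result of `path_append` is also discarded, so a theme-supplied name that does not fit in `buf` would presumably go unnoticed. parse_filetext begins and ends outside the hunk.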