summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWilliam Wilgus <wilgus.william@gmail.com>2024-12-20 22:59:03 -0500
committerWilliam Wilgus <wilgus.william@gmail.com>2024-12-20 22:59:03 -0500
commit9c477e84ffcb1f03737c132fad9f8dccdcbfdd85 (patch)
tree1bedd642ede3d42013e1df273669415f7abcc840
parent774357e722a007a5d036528b7044f202289030d4 (diff)
downloadrockbox-9c477e84ff.tar.gz
rockbox-9c477e84ff.zip
[Bugix] %ft has access to the root of the drive using /
path_append treats a path starting with / as absolute allowing escape by themes Change-Id: I8e5fb55f01cacd5ec0fc5538d92dfcfbdceb6892
-rw-r--r--apps/gui/skin_engine/skin_parser.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/gui/skin_engine/skin_parser.c b/apps/gui/skin_engine/skin_parser.c
index b012673aa7..1397f0b41c 100644
--- a/apps/gui/skin_engine/skin_parser.c
+++ b/apps/gui/skin_engine/skin_parser.c
@@ -1357,6 +1357,10 @@ static int parse_filetext(struct skin_element *element,
__func__, filename, element->params_count);
return WPS_ERROR_INVALID_PARAM;
}
+
+ while(*filename == PATH_SEPCH) /* no absolute paths! */
+ filename++;
+
path_append(buf, ROCKBOX_DIR, filename, sizeof(buf));
DEBUGF("%s %s[%d]\n", __func__, buf, line);