-rw-r--r--src/guile/cantius.scm12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/guile/cantius.scm b/src/guile/cantius.scm
index fe8131a..af37a32 100644
--- a/src/guile/cantius.scm
+++ b/src/guile/cantius.scm
@@ -24,8 +24,20 @@
+(define %illegal-path-regex
+ ;; Forbid `.` and `..` segments in paths.
+ (make-regexp "^(.*/)?[.][.]?(/.*)?$"))
+
+(define legal-path?
+ (negate (cut regexp-exec %illegal-path-regex <>)))
+
(export find-resource-file)
(define* (find-resource-file file #:optional (root-path (%resource-root-path)))
+ (unless (legal-path? file)
+ (raise (condition
+ (&error)
+ (&message (message (format #f "Illegal path ~a" file))))))
+
(let loop ((paths root-path))
(match paths
(()
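Review bot: `legal-path?` rejects only `.` and `..` segments, so a `file` that begins with `/` still passes the new guard at the top of `find-resource-file`. Whether that matters depends on how the loop joins each root with `file`, and that code lies outside this hunk; if the join is not plain concatenation under the root, the regex should also refuse a leading slash, e.g. `(make-regexp "^/|^(.*/)?[.][.]?(/.*)?$")`. The check is also purely lexical, so a symlink inside a resource root can still resolve outside it, and the comment on `%illegal-path-regex` could say so: `;; Lexical check only: forbids . and .. segments, does not resolve symlinks.`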