diff --git a/NEWS b/NEWS
index d04d14e32..714cb533e 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ ver 0.16 (20??/??/??)
 - "load" supports remote playlists (extm3u, pls, asx, xspf, lastfm://)
 - allow changing replay gain mode on-the-fly
 - omitting the range end is possible
+ - "update" checks if the path is malformed
 * archive:
 - iso: renamed plugin to "iso9660"
 - zip: renamed plugin to "zzip"
diff --git a/src/command.c b/src/command.c
index e591d06e3..ab1a7b0a9 100644
--- a/src/command.c
+++ b/src/command.c
@@ -1055,9 +1055,16 @@ handle_update(struct client *client, G_GNUC_UNUSED int argc, char *argv[])
 unsigned ret;
 
 assert(argc <= 2);
- if (argc == 2)
+ if (argc == 2) {
 path = argv[1];
 
+ if (!uri_safe_local(path)) {
+ command_error(client, ACK_ERROR_ARG,
+ "Malformed path");
+ return COMMAND_RETURN_ERROR;
+ }
+ }
+
 ret = update_enqueue(path, false);
 if (ret > 0) {
 client_printf(client, "updating_db: %i\n", ret);
@@ -1076,9 +1083,16 @@ handle_rescan(struct client *client, G_GNUC_UNUSED int argc, char *argv[])
 unsigned ret;
 
 assert(argc <= 2);
- if (argc == 2)
+ if (argc == 2) {
 path = argv[1];
 
+ if (!uri_safe_local(path)) {
+ command_error(client, ACK_ERROR_ARG,
+ "Malformed path");
+ return COMMAND_RETURN_ERROR;
+ }
+ }
+
 ret = update_enqueue(path, true);
 if (ret > 0) {
 client_printf(client, "updating_db: %i\n", ret);
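Review bot: The new `uri_safe_local(path)` guard sits only in the two command handlers, `handle_update` in this hunk and `handle_rescan` in the next one, so `update_enqueue()` itself still accepts whatever string it is handed. Any other caller (none is visible in this diff) would reach the updater with an unvalidated path. If the helper rejects what its name suggests (absolute paths and `.`/`..` segments; its definition is not shown here), this check is the boundary that keeps a client-supplied path inside the music directory. It is better enforced once, inside `update_enqueue()` or in one static helper called by both handlers, than copied verbatim into each. At minimum, add a why-comment above each check, e.g. `/* client-supplied path: refuse anything uri_safe_local() rejects before it reaches the updater */`; both function bodies start and end outside their hunks.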