Commit 3e20e668 authored by Michael Marley's avatar Michael Marley
Browse files

Fix path traversal in Album Artist field for CD ripping

For the ALBUMARTIST case in k3bpatternparser, the "/" character
was not being replaced with "_" the way it was for all the other
string fields.  This enables path traversal if the CDDB data has a
"/" in the Album Artist field, creating unwanted extra directories.
This patch fixes it by performing the same replacements on the
album artist as for all the other string fields.
parent fd52bf02
Pipeline #124996 passed with stage
in 3 minutes and 16 seconds
......@@ -154,7 +154,11 @@ QString K3b::PatternParser::parsePattern( const KCDDB::CDInfo& entry,
break;
case ALBUMARTIST:
s = entry.get( KCDDB::Artist ).toString();
dir.append( s.isEmpty() ? i18n("unknown") : s );
s.replace( '/', '_' );
s.replace( '*', '_' );
s.replace( '}', '*' );
dir.append( s.isEmpty()
? i18n("unknown") : s );
break;
case ALBUMTITLE:
s = entry.get( KCDDB::Title ).toString();
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment