Commit 8078d7f0 authored by Michael Marley's avatar Michael Marley Committed by Albert Astals Cid
Browse files

Fix path traversal in Album Artist field for CD ripping

For the ALBUMARTIST case in k3bpatternparser, the "/" character
was not being replaced with "_" the way it was for all the other
string fields.  This enables path traversal if the CDDB data has a
"/" in the Album Artist field, creating unwanted extra directories.
This patch fixes it by performing the same replacements on the
album artist as for all the other string fields.

(cherry picked from commit 3e20e668)
parent 3d5df3a3
......@@ -154,7 +154,11 @@ QString K3b::PatternParser::parsePattern( const KCDDB::CDInfo& entry,
break;
case ALBUMARTIST:
s = entry.get( KCDDB::Artist ).toString();
dir.append( s.isEmpty() ? i18n("unknown") : s );
s.replace( '/', '_' );
s.replace( '*', '_' );
s.replace( '}', '*' );
dir.append( s.isEmpty()
? i18n("unknown") : s );
break;
case ALBUMTITLE:
s = entry.get( KCDDB::Title ).toString();
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment