erin/ffxiv-wiki-scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix potential base64 injection

Browse source 
"EOF" is made up of entirely valid base64 characters, it would be bad if the program crashed because we tried to diff a file whose base64 representation contained the string EOF. underscores don't appear in base64 strings
This commit is contained in:
ewin 2025-09-04 23:07:04 -04:00
parent 4f17754f4c
commit ded35a743d
Signed by: erin
SSH key fingerprint: SHA256:swjoHhREbZPbWe+gyJNi24d4NAxJSyUIm3fpZj4z3wc
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/util/diff.js
View file

@ -27,12 +27,12 @@ export function diff (a, b, page) {
// https://stackoverflow.com/a/60221847 // https://stackoverflow.com/a/60221847
// use tail to cut off file info lines and re-add with fake filenames/dates // use tail to cut off file info lines and re-add with fake filenames/dates
// this function is so extra now holy shit // this function is so extra now holy shit
execSync(String.raw`bash <<- 'EOF' execSync(String.raw`bash <<- '_EOF_'
diff --color=always -u \ diff --color=always -u \
${labels ? `--label="$(echo '${toBase64(labels[0])}' | base64 -d)" ` : ''}<(echo '${toBase64(a)}' | base64 -d) \ ${labels ? `--label="$(echo '${toBase64(labels[0])}' | base64 -d)" ` : ''}<(echo '${toBase64(a)}' | base64 -d) \
${labels ? `--label="$(echo '${toBase64(labels[1])}' | base64 -d)" ` : ''}<(echo '${toBase64(b)}' | base64 -d) \ ${labels ? `--label="$(echo '${toBase64(labels[1])}' | base64 -d)" ` : ''}<(echo '${toBase64(b)}' | base64 -d) \
${labels ? `|| true` : `| tail -n +3` /* cut off header if no labels */} ${labels ? `|| true` : `| tail -n +3` /* cut off header if no labels */}
EOF`, { _EOF_`, {
// display result directly in terminal // display result directly in terminal
stdio: 'inherit', stdio: 'inherit',
}); });