From 20c8e3a2cbf319c6ecc1d7e366e4ce4ad714604f Mon Sep 17 00:00:00 2001
From: lordtet
Date: Fri, 3 Apr 2026 22:13:58 -0400
Subject: [PATCH] Directory traversal fix. I don't think it could've led to something serious, but lets fix it anyway.
---
 src/assets/js/blog.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/assets/js/blog.js b/src/assets/js/blog.js
index 9566ffd..cb8baf5 100644
--- a/src/assets/js/blog.js
+++ b/src/assets/js/blog.js
@@ -90,6 +90,7 @@
 var type = hash.slice(0, slash);
 var slug = hash.slice(slash + 1);
 if (!slug || (type !== "blog" && type !== "projects")) return;
+ if (!/^[a-z0-9_-]+$/i.test(slug)) return;
 var fragUrl = "/fragments/" + type + "/" + slug + "/";
 WM.showAt("win-" + type, fragUrl, "/fragments/" + type + "/", function (c) {
 injectShare(c, fragUrl);
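Review bot: The added line `if (!/^[a-z0-9_-]+$/i.test(slug)) return;` is the only thing keeping a `slug` sliced out of `hash` from steering `fragUrl` outside `/fragments/<type>/`, but it carries no comment saying so, which makes it easy to loosen later (for example to allow dots in slugs). I would put `// Security: slug is taken from the hash; allow only [A-Za-z0-9_-] so fragUrl cannot contain ".", "/", "%" or "?" and stays under /fragments/<type>/.` directly above it. How `WM.showAt` handles the fetched fragment is not visible here. If it inserts the response as HTML, the pre-fix behaviour let the hash choose which same-origin path was rendered in the window, so a matching prefix check inside `WM.showAt` would also protect any other callers. The enclosing function begins and ends outside the hunk.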