From cd69fee0a46e6b64ea9c76ccb83e601e098f3e07 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Tue, 8 Dec 2009 08:30:33 +0100
Subject: command: verify playlist name in the "rm" command

Call spl_valid_name() in spl_delete().
---
 NEWS                  | 1 +
 src/stored_playlist.c | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/NEWS b/NEWS
index d8b3714e7..a48bac467 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@ ver 0.15.7 (2009/??/??)
 * decoders:
   - ffmpeg: don't try to force stereo
 * mapper: fix memory leak when playlist_directory is not set
+* command: verify playlist name in the "rm" command
 
 
 ver 0.15.6 (2009/11/18)
diff --git a/src/stored_playlist.c b/src/stored_playlist.c
index f283ab98b..131c2098a 100644
--- a/src/stored_playlist.c
+++ b/src/stored_playlist.c
@@ -323,6 +323,9 @@ spl_delete(const char *name_utf8)
 	char *path_fs;
 	int ret;
 
+	if (!spl_valid_name(name_utf8))
+		return PLAYLIST_RESULT_BAD_NAME;
+
 	path_fs = map_spl_utf8_to_fs(name_utf8);
 	if (path_fs == NULL)
 		return PLAYLIST_RESULT_DISABLED;
-- 
cgit v1.2.3