From 8b359412f2a81a5fdf18c6b4fc097c6d6dc38324 Mon Sep 17 00:00:00 2001
From: mid <>
Date: Sun, 9 Feb 2025 22:22:59 +0200
Subject: [PATCH] Secure module names

---
 src/luaapi.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/luaapi.c b/src/luaapi.c
index ada5ff5..cb64652 100644
--- a/src/luaapi.c
+++ b/src/luaapi.c
@@ -1427,7 +1427,29 @@ static struct Module {
 	int ref;
 } *modules;
 static int luaapi_require(lua_State *L) {
-	const char *name = lua_tostring(L, 1);
+	char *name = strdup(lua_tostring(L, 1));
+	size_t nameLen = strlen(name);
+	
+	while(*name == '.' && nameLen) {
+		memmove(name, name + 1, --nameLen);
+	}
+	
+	for(int i = 1; i < nameLen;) {
+		if(name[i] == '.' && name[i - 1] == '.') {
+			memmove(name + i + 1, name + i, --nameLen - i);
+		} else i++;
+	}
+	
+	for(int i = 0; i < nameLen;) {
+		if(!isalpha(name[i]) && !isdigit(name[i]) && name[i] != '_' && name[i] != '-') {
+			memmove(name + i + 1, name + i, --nameLen - i);
+		} else i++;
+	}
+	
+	if(nameLen == 0) {
+		free(name);
+		return 0;
+	}
 	
 	for(size_t i = 0; i < moduleCount; i++) {
 		if(!strcmp(modules[i].name, name)) {