From 8f05be1de7537f2d3d48297ccd7fb46f65a90755 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Alexis=20Laferri=C3=A8re?= <alexis.laf@xymus.net>
Date: Sun, 4 Mar 2018 16:47:21 -0500
Subject: [PATCH] nitpm: protect uninstall from deleting parent folders
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Alexis Laferrière <alexis.laf@xymus.net>
---
 src/nitpm.nit |   14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/nitpm.nit b/src/nitpm.nit
index 12fc960..c2dbe2d 100644
--- a/src/nitpm.nit
+++ b/src/nitpm.nit
@@ -262,7 +262,19 @@ class CommandUninstall
 		end
 
 		for name in args do
-			var target_dir = nitpm_lib_dir / name
+
+			var clean_nitpm_lib_dir = nitpm_lib_dir.simplify_path
+			var target_dir = clean_nitpm_lib_dir / name
+
+			# Check validity of the package to delete
+			target_dir = target_dir.simplify_path
+			var within_dir = target_dir.has_prefix(clean_nitpm_lib_dir + "/") and
+				target_dir.length > clean_nitpm_lib_dir.length + 1
+			var valid_name = name.length > 0 and name.chars.first.is_lower
+			if not valid_name or not within_dir then
+				print_error "Package name '{name}' is invalid"
+				continue
+			end
 
 			if not target_dir.file_exists or not target_dir.to_path.is_dir then
 				print_error "Package not found"
-- 
1.7.9.5