From 605486fedabf7601a20d262d5c56ef1cb8447653 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Thu, 20 Mar 2025 18:08:29 +0100
Subject: [PATCH] Update w/ strict check on config destination path

---
 installers/plugin_helper.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/installers/plugin_helper.sh b/installers/plugin_helper.sh
index 379ea63b..55f18971 100755
--- a/installers/plugin_helper.sh
+++ b/installers/plugin_helper.sh
@@ -71,8 +71,14 @@ case "$action" in
         exit 1
     fi
 
-    mkdir -p "$(dirname "$destination")"
-    chown -R "$raspap_user:$raspap_user" "$(dirname "$destination")"
+    dest_dir="$(dirname "$destination")"
+    if [ -z "$dest_dir" ] || [ "$dest_dir" = "/" ]; then
+        echo "Error: Unsafe destination path."
+        exit 1
+    fi
+
+    mkdir -p "$dest_dir"
+    chown -R "$raspap_user:$raspap_user" "$dest_dir"
     cp "$source" "$destination"
 
     echo "OK"