From: Iskren Chernev <me@iskren.info>
Date: Sun, 27 Mar 2022 11:46:47 +0000 (+0300)
Subject: [bugfix] Avoid loading path-looking locales from fs
X-Git-Tag: 2.29.2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4211bfc8f15746be4019bba557e29a7ba83d54c5;p=thirdparty%2Fmoment.git

[bugfix] Avoid loading path-looking locales from fs
---

diff --git a/src/lib/locale/locales.js b/src/lib/locale/locales.js
index 0d0823275..b329b83b3 100644
--- a/src/lib/locale/locales.js
+++ b/src/lib/locale/locales.js
@@ -62,6 +62,11 @@ function chooseLocale(names) {
     return globalLocale;
 }
 
+function isLocaleNameSane(name) {
+    // Prevent names that look like filesystem paths, i.e contain '/' or '\'
+    return name.match('^[^/\\\\]*$') != null;
+}
+
 function loadLocale(name) {
     var oldLocale = null,
         aliasedRequire;
@@ -70,7 +75,8 @@ function loadLocale(name) {
         locales[name] === undefined &&
         typeof module !== 'undefined' &&
         module &&
-        module.exports
+        module.exports &&
+        isLocaleNameSane(name)
     ) {
         try {
             oldLocale = globalLocale._abbr;