+- Moode Forum (https://moodeaudio.org/forum)
+-- Forum: moOde audio player (https://moodeaudio.org/forum/forumdisplay.php?fid=3)
+--- Forum: Support (https://moodeaudio.org/forum/forumdisplay.php?fid=7)
+--- Thread: [SOLVED] 9.1.0 Advanced Search regression for regexp using "|" character (/showthread.php?tid=6930)
9.1.0 Advanced Search regression for regexp using "|" character - jenzd - 09-20-2024
Hi all,
There seems to be a regression in Moode 9.1.0 when using regular expressions on the Advanced Search page:
Up to Moode 9.0.8 I could use the Folder filter =~ nas/filestation/music/(somefolder|otherfolder) to get a combined view of all files in nas/filestation/music/somefolder and nas/filestation/music/otherfolder.
In Moode 9.1.0 this no longer works. The interface seems to accept the filter, but does not update the library view accordingly. Note that the offending character seems to be the |, because searching for just a single folder using =~ nas/filestation/music/(somefolder) still works as expected.
Interestingly the similar expression '(filename =~ "nas/filestation/music/(somefolder|otherfolder)")' still works as Tag Filter option for Auto-shuffle.
Thanks & best regards
Jens
RE: 9.1.0 Advanced Search regression for regexp using "|" character - Tim Curtis - 09-20-2024
Did you apply r900patch_multi.sh ?
RE: 9.1.0 Advanced Search regression for regexp using "|" character - Tim Curtis - 09-20-2024
Nvm, I can repro.
Do you see any SECCHK lines in the moode log?
RE: 9.1.0 Advanced Search regression for regexp using "|" character - jenzd - 09-20-2024
Yes, installed the patch and rebooted. Still no change.
RE: 9.1.0 Advanced Search regression for regexp using "|" character - jenzd - 09-20-2024
And yes there are SECCHK lines:
Code:
20240920 232740 SECCHK: Invalid shell characters detected, request denied
20240920 232740 SECCHK: (file =~ 'nas/filestation/music/(somefolder|otherfolder)')RE: 9.1.0 Advanced Search regression for regexp using "|" character - jenzd - 09-20-2024
I also noticed now that the Tag Filter for Auto-shuffle only worked, because the setting was restored from a backup. Manually entering the same string does not work but results in an HTTP 400 Bad request.
Here the log says (no surprise):
Code:
20240920 234106 SECCHK: Invalid shell characters detected, request denied
20240920 234106 SECCHK: '(filename =~ "nas/filestation/music/(somefolder|otherfolder)")'RE: 9.1.0 Advanced Search regression for regexp using "|" character - Tim Curtis - 09-20-2024
As a test, in file /var/www/command/cfg-table.php, lets exclude 'library_flatlist_filter_str from SECCHK
Change
chkVariables($_POST);
To
chkVariables($_POST, array('library_flatlist_filter_str'));
Btw, you don't need to specify the entire folder path. You could do like below.
=~ (/somefolder|/otherfolder)
RE: 9.1.0 Advanced Search regression for regexp using "|" character - jenzd - 09-20-2024
Results:
- Advanced Search works again after applying the patch.
- Still HTTP 400 Bad request for the Auto-shuffle Tag Filter.
RE: 9.1.0 Advanced Search regression for regexp using "|" character - Tim Curtis - 09-20-2024
Security is quite challenging.
A simple exclusion of the variables won't be sufficient though because that creates a shell injection vulnerability. I'll have to think about it.
RE: 9.1.0 Advanced Search regression for regexp using "|" character - jenzd - 09-24-2024
Thanks for fixing in the upcoming version 9.1.2
