1 files changed, 6 insertions, 0 deletions

diff --git a/acid/cyche-build b/acid/cyche-build
index 7f63117..6468276 100755
--- a/acid/cyche-build
+++ b/acid/cyche-build
@@ -25,6 +25,12 @@
 
 cd "/services/$1"
 
+# For <file>, no absolute paths and no '../'
+if ! echo "$2" | grep -Evq '\.\.|^/'; then
+    echo "Bad file path: $2"
+    exit 1
+fi
+
 if [ "$4" == "--self" ]; then
     prev=$(cat '.git/previous_slug')
     [ -z "$prev" ] && prev="$1"