Prevent injection attacks

The previous attempt could be bypassed by clever use of backslashes as dCRUSty demonstrated
bbyars · Mar 15, 2022 · 005aac0 · 005aac0
1 parent 8a04bd6
commit 005aac0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/util/logger.js b/src/util/logger.js
@@ -14,7 +14,7 @@ function initializeLogfile (filename) {
 }
 
 function logFormat (config) {
-    const template = config.replace(/\$/g, '\\$') // prevent injection attacks
+    const template = config.replace(/\$/g, '') // prevent injection attacks
         .replace(/%level/g, '${info.level}')
         .replace(/%message/g, '${info.message}')
         .replace(/%timestamp/g, '${info.timestamp}');