From afd71fa4353e880b9e16c1b871519013c371b0b1 Mon Sep 17 00:00:00 2001
From: postscriptum
Date: Sat, 5 Jul 2025 10:33:00 +0300
Subject: [PATCH] validate filename

---
 src/nex.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/nex.rs b/src/nex.rs
index 95ec25b..eac2c48 100644
--- a/src/nex.rs
+++ b/src/nex.rs
@@ -11,7 +11,7 @@ use source::Source;
 use std::{
 collections::{HashMap, HashSet},
 fs,
- path::PathBuf,
+ path::{MAIN_SEPARATOR, PathBuf},
 str::FromStr,
 };
 use template::Template;
@@ -35,6 +35,13 @@ impl Nex {
 (is_cleanup, is_debug): (bool, bool),
 user_names: &Vec,
 ) -> Result {
+ // validate filename
+ if filename
+ .trim_matches(MAIN_SEPARATOR)
+ .contains(MAIN_SEPARATOR)
+ {
+ bail!("File name should not contain subdir `{MAIN_SEPARATOR}` separator!")
+ }
 // init data export location
 let target = PathBuf::from_str(&target_dir)?.canonicalize()?;
 if !target.is_dir() {
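Review bot: The added filename check rejects only an interior `MAIN_SEPARATOR`, so `..`, an empty string, a name with a leading separator, and (on Windows, where `MAIN_SEPARATOR` is `\`) a name containing `/` all still pass. How `filename` is later combined with the canonicalized `target` is outside this hunk, but if it is ever joined onto that path, such values would resolve outside the export directory, and canonicalizing `target` alone does not prevent that. Consider validating by path components and accepting exactly one normal component: `let mut parts = Path::new(&filename).components();` followed by `if !matches!((parts.next(), parts.next()), (Some(Component::Normal(_)), None)) { bail!(…) }`, with `Component` and `Path` added to the `std::path` import. If surrounding separators must stay tolerated, apply the same test to the trimmed value. The function body continues past the end of the hunk.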