In the maths cog, a few of the commands designed to grab files for JMC/IMC/SMC questions were vulnerable to directory traversal, as demonstrated below. This could be used to retrieve credentials and bot tokens. This should fix these issues by requiring integer years, so "../" and the like cannot be used.
Epic, yes, this would work. We are also probably at some point going to use the links to the images instead of the images themselves, as they will send quicker that way. Merged :)
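The fix described in this thread, as an added example that is not the cog's own code (which the page does not show): a path built from raw strings beside one that requires integers and checks containment. It assumes a Python cog; `QUESTION_ROOT`, the function names, the directory layout and the numeric ranges are all hypothetical.

```python
from pathlib import Path

# Hypothetical layout; the real cog's paths are not shown on the page.
QUESTION_ROOT = Path("/srv/bot/maths/questions")
PAPERS = {"JMC", "IMC", "SMC"}


def unsafe_question_path(paper: str, year: str, number: str) -> Path:
    """'Before' pattern: user-supplied strings go straight into the path."""
    return QUESTION_ROOT / paper / year / f"{number}.png"


def safe_question_path(paper: str, year: str, number: str) -> Path:
    """'After' pattern: allow-listed paper, integer year and number,
    plus a containment check as defence in depth."""
    paper = paper.upper()
    if paper not in PAPERS:
        raise ValueError("unknown paper")
    try:
        year_i, number_i = int(year), int(number)
    except ValueError:
        raise ValueError("year and question number must be integers") from None
    # Assumed ranges; adjust to the papers actually stored.
    if not (1900 <= year_i <= 2100 and 1 <= number_i <= 25):
        raise ValueError("year or question number out of range")
    # Rebuild the path from the parsed integers, never from the raw input,
    # so forms int() tolerates (" 2015 ", "+2015") are normalised.
    root = QUESTION_ROOT.resolve()
    candidate = (root / paper / str(year_i) / f"{number_i}.png").resolve()
    if not candidate.is_relative_to(root):  # Python 3.9+
        raise ValueError("path escapes question root")
    return candidate


def escapes_root(path: Path) -> bool:
    """True if the resolved path lies outside QUESTION_ROOT."""
    return not path.resolve().is_relative_to(QUESTION_ROOT.resolve())
```

With a library such as discord.py, annotating the command parameter as `int` gets the same rejection from the argument converter before the command body runs; the containment check still guards any path component that must stay a string.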