starred/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-05-30 23:40:40 +02:00
Code Issues 1.0k Packages Projects Releases 10 Wiki Activity

[Bug]: Unsanitized Regex in BookFinder.js #1516

New Issue
Closed
opened 2026-04-24 23:48:29 +02:00 by adam · 1 comment
adam commented 2026-04-24 23:48:29 +02:00
Owner
Copy Link
Copy Source

Originally created by @CEbbinghaus on GitHub (Nov 9, 2023).

Describe the issue

When matching books while the library contains regex special characters those are not properly sanitized and the whole application crashes.

Logs:

Config /config /metadata
[2023-11-10 00:47:53] INFO: === Starting Server ===
[2023-11-10 00:47:53] INFO: [Server] Init v2.5.0
[2023-11-10 00:47:53] INFO: [Database] Initializing db at "/config/absdatabase.sqlite"
[2023-11-10 00:47:53] INFO: [Database] Db connection was successful
[2023-11-10 00:47:53] INFO: [Database] Db initialized with models: user, library, libraryFolder, book, podcast, podcastEpisode, libraryItem, mediaProgress, series, bookSeries, author, bookAuthor, collection, collectionBook, playlist, playlistMediaItem, device, playbackSession, feed, feedEpisode, setting
[2023-11-10 00:47:53] INFO: [BackupManager] 0 Backups Found
[2023-11-10 00:47:53] INFO: [BackupManager] Auto Backups are disabled
[2023-11-10 00:47:53] INFO: [LogManager] Init current daily log filename: 2023-11-10.txt
[2023-11-10 00:47:53] INFO: [Watcher] Initializing watcher for "Audiobooks".
[2023-11-10 00:47:53] INFO: Listening on port :80
[2023-11-10 00:47:53] INFO: [Watcher] "Audiobooks" Ready
[2023-11-10 00:49:22] WARN: [Auth] Failed login attempt 1 of 10 from 172.69.62.84 (Auth.js:163)
[2023-11-10 00:49:26] INFO: [Auth] cebbinghaus logged in from 172.69.62.84
[2023-11-10 00:49:27] INFO: [SocketAuthority] Socket Connected oP936KZTv6JD_-sdAAAB
[2023-11-10 00:52:58] ERROR: [AudioFileScanner] Invalid data found when processing input : "/audiobooks/Die Drei ???/Die Drei ??? und das versunkene Schiff/[B0B1QQ6SDY] Die drei ??? und das versunkene Schiff꞉ Die drei ???.m4b" (AudioFileScanner.js:159)
[2023-11-10 00:55:25] INFO: [LibraryScanner] Library metadata precedence changed since last scan. From [Unset] to [folderStructure,audioMetatags,txtFiles,opfFile,absMetadata]
[2023-11-10 00:55:25] INFO: [LibraryScanner] Starting (forced) library scan 2cef0cee-6124-468e-81e4-c40878706003 for Audiobooks
[2023-11-10 00:55:26] ERROR: [AudioFileScanner] Invalid argument : "/audiobooks/Die Drei Fragezeichen/Die Drei Fragezeichen 057 - Tatort Zirkus.mp3" (AudioFileScanner.js:159)
[2023-11-10 00:55:27] ERROR: [AudioFileScanner] Invalid argument : "/audiobooks/Die Drei Fragezeichen/Die Drei Fragezeichen 057 - Tatort Zirkus.mp3" (AudioFileScanner.js:159)
[2023-11-10 00:55:30] INFO: [LibraryScanner] Library scan 2cef0cee-6124-468e-81e4-c40878706003 completed in 0:05.0 | 1 Added | 1 Updated | 137 Missing
[2023-11-10 00:55:30] INFO: [LibraryScan] Scan log saved "/metadata/logs/scans/2023-11-10_2cef0cee-6124-468e-81e4-c40878706003.txt"
[2023-11-10 00:55:30] INFO: [LibraryController] Scan complete
[2023-11-10 00:55:35] INFO: [Scanner] matchLibraryItems: Starting library match scan 495db6b3-1892-4463-a28a-96b360dda7bc for Audiobooks
[2023-11-10 00:55:39] INFO: [Audnexus] Searching for author "https://api.audnex.us/authors?name=die%20drei%20%3F%3F%3F"
[2023-11-10 00:55:39] INFO: [Audnexus] Searching for author "https://api.audnex.us/authors?name=die%20drei%20fragezeichen%20001"
[2023-11-10 00:55:39] INFO: [Audnexus] Searching for author "https://api.audnex.us/authors?name=der%20superpapagei"
/server/finders/BookFinder.js:204
        const authorRe = new RegExp(`(^| | by |)${this.cleanAuthor}(?= |$)`, "g")
                         ^
SyntaxError: Invalid regular expression: /(^| | by |)die drei ???(?= |$)/: Nothing to repeat
    at new RegExp (<anonymous>)
    at TitleCandidates.add (/server/finders/BookFinder.js:204:26)
    at BookFinder.search (/server/finders/BookFinder.js:380:27)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async Scanner.quickMatchLibraryItem (/server/scanner/Scanner.js:40:21)
    at async Scanner.matchLibraryItemsChunk (/server/scanner/Scanner.js:309:22)
    at async Scanner.matchLibraryItems (/server/scanner/Scanner.js:365:30)

Steps to reproduce the issue

  1. Have Audiobook with Regex special character in its name e.g ?
  2. Click on "Match Books" for library which contains said audiobook.
  3. Profit???

Audiobookshelf version

2.5.0

How are you running audiobookshelf?

Docker

Originally created by @CEbbinghaus on GitHub (Nov 9, 2023). ### Describe the issue When matching books while the library contains regex special characters those are not properly sanitized and the whole application crashes. Logs: ``` Config /config /metadata [2023-11-10 00:47:53] INFO: === Starting Server === [2023-11-10 00:47:53] INFO: [Server] Init v2.5.0 [2023-11-10 00:47:53] INFO: [Database] Initializing db at "/config/absdatabase.sqlite" [2023-11-10 00:47:53] INFO: [Database] Db connection was successful [2023-11-10 00:47:53] INFO: [Database] Db initialized with models: user, library, libraryFolder, book, podcast, podcastEpisode, libraryItem, mediaProgress, series, bookSeries, author, bookAuthor, collection, collectionBook, playlist, playlistMediaItem, device, playbackSession, feed, feedEpisode, setting [2023-11-10 00:47:53] INFO: [BackupManager] 0 Backups Found [2023-11-10 00:47:53] INFO: [BackupManager] Auto Backups are disabled [2023-11-10 00:47:53] INFO: [LogManager] Init current daily log filename: 2023-11-10.txt [2023-11-10 00:47:53] INFO: [Watcher] Initializing watcher for "Audiobooks". [2023-11-10 00:47:53] INFO: Listening on port :80 [2023-11-10 00:47:53] INFO: [Watcher] "Audiobooks" Ready [2023-11-10 00:49:22] WARN: [Auth] Failed login attempt 1 of 10 from 172.69.62.84 (Auth.js:163) [2023-11-10 00:49:26] INFO: [Auth] cebbinghaus logged in from 172.69.62.84 [2023-11-10 00:49:27] INFO: [SocketAuthority] Socket Connected oP936KZTv6JD_-sdAAAB [2023-11-10 00:52:58] ERROR: [AudioFileScanner] Invalid data found when processing input : "/audiobooks/Die Drei ???/Die Drei ??? und das versunkene Schiff/[B0B1QQ6SDY] Die drei ??? und das versunkene Schiff꞉ Die drei ???.m4b" (AudioFileScanner.js:159) [2023-11-10 00:55:25] INFO: [LibraryScanner] Library metadata precedence changed since last scan. From [Unset] to [folderStructure,audioMetatags,txtFiles,opfFile,absMetadata] [2023-11-10 00:55:25] INFO: [LibraryScanner] Starting (forced) library scan 2cef0cee-6124-468e-81e4-c40878706003 for Audiobooks [2023-11-10 00:55:26] ERROR: [AudioFileScanner] Invalid argument : "/audiobooks/Die Drei Fragezeichen/Die Drei Fragezeichen 057 - Tatort Zirkus.mp3" (AudioFileScanner.js:159) [2023-11-10 00:55:27] ERROR: [AudioFileScanner] Invalid argument : "/audiobooks/Die Drei Fragezeichen/Die Drei Fragezeichen 057 - Tatort Zirkus.mp3" (AudioFileScanner.js:159) [2023-11-10 00:55:30] INFO: [LibraryScanner] Library scan 2cef0cee-6124-468e-81e4-c40878706003 completed in 0:05.0 | 1 Added | 1 Updated | 137 Missing [2023-11-10 00:55:30] INFO: [LibraryScan] Scan log saved "/metadata/logs/scans/2023-11-10_2cef0cee-6124-468e-81e4-c40878706003.txt" [2023-11-10 00:55:30] INFO: [LibraryController] Scan complete [2023-11-10 00:55:35] INFO: [Scanner] matchLibraryItems: Starting library match scan 495db6b3-1892-4463-a28a-96b360dda7bc for Audiobooks [2023-11-10 00:55:39] INFO: [Audnexus] Searching for author "https://api.audnex.us/authors?name=die%20drei%20%3F%3F%3F" [2023-11-10 00:55:39] INFO: [Audnexus] Searching for author "https://api.audnex.us/authors?name=die%20drei%20fragezeichen%20001" [2023-11-10 00:55:39] INFO: [Audnexus] Searching for author "https://api.audnex.us/authors?name=der%20superpapagei" /server/finders/BookFinder.js:204 const authorRe = new RegExp(`(^| | by |)${this.cleanAuthor}(?= |$)`, "g") ^ SyntaxError: Invalid regular expression: /(^| | by |)die drei ???(?= |$)/: Nothing to repeat at new RegExp (<anonymous>) at TitleCandidates.add (/server/finders/BookFinder.js:204:26) at BookFinder.search (/server/finders/BookFinder.js:380:27) at processTicksAndRejections (node:internal/process/task_queues:96:5) at async Scanner.quickMatchLibraryItem (/server/scanner/Scanner.js:40:21) at async Scanner.matchLibraryItemsChunk (/server/scanner/Scanner.js:309:22) at async Scanner.matchLibraryItems (/server/scanner/Scanner.js:365:30) ``` ### Steps to reproduce the issue 1. Have Audiobook with Regex special character in its name e.g `?` 2. Click on "Match Books" for library which contains said audiobook. 3. Profit??? ### Audiobookshelf version 2.5.0 ### How are you running audiobookshelf? Docker
adam added the bug label 2026-04-24 23:48:29 +02:00
adam closed this issue 2026-04-24 23:48:29 +02:00
adam commented 2026-04-24 23:48:30 +02:00
Author
Owner
Copy Link
Copy Source

@advplyr commented on GitHub (Nov 9, 2023):

Duplicate of #2265

@advplyr commented on GitHub (Nov 9, 2023): Duplicate of #2265
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
authentication
backlog
bug
chapter editor
config-issue
ebooks
encoding/embedding
enhancement
help wanted
listening sessions & progress
planned
possible plugin
progress sync
pull-request
Mirrored from GitHub Pull Request
 sorting/filtering/searching
unable to reproduce
upload
users & permissions
waiting
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam (Adam Melkus)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/audiobookshelf#1516
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?