Dusk1e e9ddfee4fd fix(plugins): reject plugin names that resolve to the plugins root ...

Reject "." as a plugin name — it resolves to the plugins directory
itself, which in force-install flows causes shutil.rmtree to wipe the
entire plugins tree.

- reject "." early with a clear error message
- explicit check for target == plugins_resolved (raise instead of allow)
- switch boundary check from string-prefix to Path.relative_to()
- add regression tests for sanitizer + install flow

Co-authored-by: Dusk1e <yusufalweshdemir@gmail.com>

2026-04-05 18:40:45 -07:00

20 KiB

Raw Blame History

View Raw