From 5251579e707b66a030c61840b49915c77147100d Mon Sep 17 00:00:00 2001
From: Kayne Ruse <kayneruse@gmail.com>
Date: Fri, 27 Jan 2023 06:33:04 +0000
Subject: [PATCH] Moved guard

---
 Toy              |  2 +-
 box/lib_runner.c | 32 ++++++++++++++++----------------
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/Toy b/Toy
index e4d843a..c86c580 160000
--- a/Toy
+++ b/Toy
@@ -1 +1 @@
-Subproject commit e4d843ad3a4a16cfd2ac5e40878d98063ca60738
+Subproject commit c86c5800a75249ed45f82dc3497d7eba4e394fbd
diff --git a/box/lib_runner.c b/box/lib_runner.c
index 50b9576..f544c62 100644
--- a/box/lib_runner.c
+++ b/box/lib_runner.c
@@ -40,22 +40,6 @@ static int nativeLoadScript(Toy_Interpreter* interpreter, Toy_LiteralArray* argu
 	char* filePath = Toy_toCString(TOY_AS_STRING(filePathLiteral));
 	int filePathLength = Toy_lengthRefString(TOY_AS_STRING(filePathLiteral));
 
-	//check for file extensions
-	if (!(filePath[filePathLength - 5] == '.' && filePath[filePathLength - 4] == 't' && filePath[filePathLength - 3] == 'o' && filePath[filePathLength - 2] == 'y')) {
-		interpreter->errorOutput("Bad script file extension (expected .toy)\n");
-		Toy_freeLiteral(filePathLiteral);
-		return -1;
-	}
-
-	//check for break-out attempts
-	for (int i = 0; i < filePathLength - 1; i++) {
-		if (filePath[i] == '.' && filePath[i + 1] == '.') {
-			interpreter->errorOutput("Parent directory access not allowed\n");
-			Toy_freeLiteral(filePathLiteral);
-			return -1;
-		}
-	}
-
 	//load and compile the bytecode
 	size_t fileSize = 0;
 	char* source = Toy_readFile(filePath, &fileSize);
@@ -634,6 +618,22 @@ Toy_Literal Toy_getFilePathLiteral(Toy_Interpreter* interpreter, Toy_Literal* dr
 	Toy_deleteRefString(path);
 	Toy_deleteRefString(drivePath);
 
+	//check for file extensions
+	if (!(filePath[realLength - 5] == '.' && filePath[realLength - 4] == 't' && filePath[realLength - 3] == 'o' && filePath[realLength - 2] == 'y')) {
+		interpreter->errorOutput("Bad script file extension (expected .toy)\n"); //TODO: add a bytecode version too
+		TOY_FREE_ARRAY(char, filePath, realLength + 1);
+		return TOY_TO_NULL_LITERAL;
+	}
+
+	//check for break-out attempts
+	for (int i = 0; i < realLength - 1; i++) {
+		if (filePath[i] == '.' && filePath[i + 1] == '.') {
+			interpreter->errorOutput("Parent directory access not allowed\n");
+			TOY_FREE_ARRAY(char, filePath, realLength + 1);
+			return TOY_TO_NULL_LITERAL;
+		}
+	}
+
 	Toy_Literal result = TOY_TO_STRING_LITERAL(Toy_createRefStringLength(filePath, realLength));
 
 	TOY_FREE_ARRAY(char, filePath, realLength + 1);