From a99c49e75f9f66adbf58235d50f4f3bf2c2fb650 Mon Sep 17 00:00:00 2001
From: Zhongwen Deng <zhongwencool@gmail.com>
Date: Tue, 26 Apr 2022 22:17:25 +0800
Subject: [PATCH] fix: limit file ^[/\_a-zA-Z0-9\.\-]*$

---
 apps/emqx_conf/i18n/emqx_conf_schema.conf |  8 ++++----
 apps/emqx_conf/src/emqx_conf_schema.erl   | 17 +++++++++++++++--
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/apps/emqx_conf/i18n/emqx_conf_schema.conf b/apps/emqx_conf/i18n/emqx_conf_schema.conf
index a5e480753..03ed344fc 100644
--- a/apps/emqx_conf/i18n/emqx_conf_schema.conf
+++ b/apps/emqx_conf/i18n/emqx_conf_schema.conf
@@ -1024,8 +1024,8 @@ all log events are handled asynchronously. This means that the client process se
 by calling a log function in the Logger API, does not wait for a response from the handler
 but continues executing immediately after the event is sent.
 It is not affected by the time it takes the handler to print the event to the log device.
-If the message queue grows larger than this value, t
-he handler starts handling log events synchronously instead,
+If the message queue grows larger than this value,
+the handler starts handling log events synchronously instead,
 meaning that the client process sending the event must wait for a response.
 When the handler reduces the message queue to a level below the sync_mode_qlen threshold,
 asynchronous operation is resumed.
@@ -1158,11 +1158,11 @@ When drop mode is activated or deactivated, a message is printed in the logs."""
   log_overload_kill_enable {
     desc {
       en: """Enable log handler overload kill feature."""
-      zh: """启用日志处理进程过载终止功能。"""
+      zh: """日志处理进程过载时为保护自己节点其它的业务能正常，强制杀死日志处理进程。"""
     }
     label {
       en: "Log Handler Overload Kill"
-      zh: "日志处理进程过载终止"
+      zh: "日志处理进程过载保护"
     }
   }
 
diff --git a/apps/emqx_conf/src/emqx_conf_schema.erl b/apps/emqx_conf/src/emqx_conf_schema.erl
index 969710787..1a3270ab8 100644
--- a/apps/emqx_conf/src/emqx_conf_schema.erl
+++ b/apps/emqx_conf/src/emqx_conf_schema.erl
@@ -800,6 +800,7 @@ fields("log") ->
                 #{
                     mapping => "kernel.error_logger",
                     default => silent,
+                    readOnly => true,
                     desc => ?DESC("log_error_logger")
                 })
         }
@@ -811,7 +812,8 @@ fields("log_file_handler") ->
         {"file",
             sc(
                 file(),
-                #{desc => ?DESC("log_file_handler_file")}
+                #{desc => ?DESC("log_file_handler_file"),
+                    validator => fun file_location/1 }
             )},
         {"rotation",
             sc(
@@ -822,7 +824,7 @@ fields("log_file_handler") ->
             sc(
                 hoconsc:union([infinity, emqx_schema:bytesize()]),
                 #{
-                    default => "10MB",
+                    default => "50MB",
                     desc => ?DESC("log_file_handler_max_size")
                 }
             )}
@@ -1328,3 +1330,14 @@ emqx_schema_high_prio_roots() ->
                 #{desc => ?DESC(authorization)}
             )},
     lists:keyreplace("authorization", 1, Roots, Authz).
+
+-define(VALID_FILE, "^[/\_a-zA-Z0-9\.\-]*$").
+file_location(File) ->
+    Error = {error, "Invalid file name: " ++ ?VALID_FILE},
+    try
+        case re:run(File, ?VALID_FILE) of
+            nomatch -> Error;
+            _ -> ok
+        end
+    catch _:_ -> Error
+    end.