From 24f76ac506f4753c63df02ff123dd0b9eba8ac8a Mon Sep 17 00:00:00 2001
From: Axel Uhl
Date: Sat, 15 Feb 2025 23:52:01 +0100
Subject: [PATCH 1/2] securing identifierPattern

It used to also match ^, ` , [, \, and ] where it shouldn't. This triggers CodeQL vulnerability reports.
---
 src/segment/segmentTemplate.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/segment/segmentTemplate.js b/src/segment/segmentTemplate.js
index 673887de..245935ae 100644
--- a/src/segment/segmentTemplate.js
+++ b/src/segment/segmentTemplate.js
@@ -3,7 +3,7 @@ import urlTypeToSegment from './urlType';
 import { parseByTimeline } from './timelineTimeParser';
 import { parseByDuration } from './durationTimeParser';
-const identifierPattern = /\$([A-z]*)(?:(%0)([0-9]+)d)?\$/g;
+const identifierPattern = /\$([A-Za-z_]*)(?:(%0)([0-9]+)d)?\$/g;
 /**
  * Replaces template identifiers with corresponding values. To be used as the callback

From 3ca00ff8906e8eba9827af1737f9ce4674d26d1e Mon Sep 17 00:00:00 2001
From: Axel Uhl
Date: Sun, 16 Feb 2025 20:02:26 +0100
Subject: [PATCH 2/2] Update ci.yml

---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 83728081..0e1b4e49 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,7 +1,7 @@
 name: ci
-on: [push, pull_request]
-
+on: [push, pull_request, workflow_dispatch]
+
 jobs:
   should-skip:
     continue-on-error: true
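Review bot: The tightened character class in the new `identifierPattern` changes which templates get substituted, but nothing in the hunk records why `_` is kept while `[`, `\`, `]`, `^` and the backtick are dropped, so a future reader may "fix" it back to a range; a comment above the line such as `// Identifier names are ASCII letters or '_'; [A-z] also admitted [\]^_ and backtick (CodeQL overly-large range)` would pin the intent. A test asserting that `$Number$` and `$RepresentationID$` still match while a template containing `$Num^ber$` is left verbatim would guard the regression. The width capture `([0-9]+)` is still unbounded; if the matched width is later used to pad the substituted value, bounding it (or validating it in the callback) keeps a malformed manifest from requesting an arbitrarily large padding. The pattern is declared with the `/g` flag at module level; that is safe with `String.prototype.replace`, which the doc comment below suggests is the consumer, but any `.test`/`.exec` use elsewhere would carry `lastIndex` between calls. The function documented by the trailing comment starts outside the hunk.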