Put new functionality in to allow choosing existing folder in move code - it goes back and forwards 7 days from the date of this file and finds matching files and uses those dirs, or just dirname matches for those dates and offers them up. Also improved Move code to reject dodgy paths

pa_job_manager.py

@@ -1650,6 +1650,15 @@ def JobMoveFiles(job):
     JobProgressState( job, "In Progress" )
     prefix=[jex.value for jex in job.extra if jex.name == "prefix"][0]
     suffix=[jex.value for jex in job.extra if jex.name == "suffix"][0]
+    # Sanity check, if prefix starts with /, reject it -> no /etc/shadow potentials
+    # Sanity check, if .. in prefix or suffix, reject it -> no ../../etc/shadow potentials
+    # Sanity check, if // in prefix or suffix, reject it -> not sure code wouldnt try to make empty dirs, and I dont want to chase /////// cases, any 2 in a row is enough to reject
+    if '..' in prefix or '..' in suffix or prefix[0] == '/' or '//' in prefix or '//' in suffix:
+        FinishJob( job, f"ERROR: Not processing move as the paths contain illegal chars", "Failed" )
+        return
+    # also remove unecessary slashes, jic
+    prefix=prefix.rstrip('/')
+    suffix=suffix.lstrip('/').rstrip('/')
     path_type=[jex.value for jex in job.extra if jex.name == "move_path_type"][0]
     rel_path=[jex.value for jex in job.extra if jex.name == "rel_path"][0]
     dst_storage_path = session.query(Path).filter(Path.path_prefix=='static/' + path_type + '/'+ rel_path).first()