Peter.Morton 57b58a0d22 fix: allow ampersands in filenames while blocking command injection (v1.1.2) ...

Fixes #2 - Files with & in their names (e.g., 'Research & Development.md')
were being incorrectly sanitized, causing search and file-not-found errors.

Changes:
- Removed & from DANGEROUS_CHARS regex
- Single & is safe in quoted arguments passed to CLI
- Dangerous && patterns still blocked by COMMAND_INJECTION_PATTERNS
- Also allows (), [], {} which are safe in quoted args

Version: 1.1.2

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-04-14 17:05:18 -05:00

7.2 KiB

Raw Blame History

View Raw