From 530325e0da8888d3d7768ff06b9462808f01abb6 Mon Sep 17 00:00:00 2001
From: "Jory A. Pratt" <geekypenguin@gmail.com>
Date: Sun, 15 Feb 2026 21:57:38 -0600
Subject: [PATCH 6/8] security: validate voice path in piper_generate.php

- Restrict voice to /opt/piper/voices/ via realpath check
- Require .onnx extension
- Reject non-existent or path traversal attempts
---
 piper_generate.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/piper_generate.php b/piper_generate.php
index 2fa5c84..2cb2ac4 100644
--- a/piper_generate.php
+++ b/piper_generate.php
@@ -34,13 +34,17 @@ if (!$text || !$filename) {
 
 
 // Default voice if none selected
-
 if (empty($voice)) {
-
     $voice = "/opt/piper/voices/en_US-lessac-medium.onnx";
-
 }
 
+// Validate voice path is under /opt/piper/voices/ and exists
+$voices_dir = '/opt/piper/voices';
+$voice_real = realpath($voice);
+if ($voice_real === false || strpos($voice_real, $voices_dir) !== 0 || !preg_match('/\.onnx$/i', $voice)) {
+    echo "Invalid voice path.";
+    exit;
+}
 
 $script = "/usr/local/bin/piper_prompt_tts.sh";
 
-- 
2.47.3