From 35dc9f9fa0f6ade39f2c12e24c176b6462417387 Mon Sep 17 00:00:00 2001
From: npt-1707 <npthanh132@gmail.com>
Date: Mon, 18 May 2026 06:15:43 +0800
Subject: [PATCH] front/lib/moment/moment.js: Avoid loading path-looking
 locales from fs

---
 front/lib/moment/moment.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/front/lib/moment/moment.js b/front/lib/moment/moment.js
index 1b129716..5a21cf45 100755
--- a/front/lib/moment/moment.js
+++ b/front/lib/moment/moment.js
@@ -1842,11 +1842,16 @@
         return globalLocale;
     }
 
+    function isLocaleNameSane(name) {
+        // Prevent names that look like filesystem paths, i.e contain '/' or '\'
+        return name.match('^[^/\\\\]*$') != null;
+    }
+
     function loadLocale(name) {
         var oldLocale = null;
         // TODO: Find a better way to register and load all the locales in Node
         if (!locales[name] && (typeof module !== 'undefined') &&
-                module && module.exports) {
+                module && module.exports && isLocaleNameSane(name)) {
             try {
                 oldLocale = globalLocale._abbr;
                 var aliasedRequire = require;