From 4e735835df664e1c37397d49031aeb23c96df5bc Mon Sep 17 00:00:00 2001
From: Zac Herd <mrdetonia@protonmail.com>
Date: Thu, 1 Dec 2016 19:40:24 +0000
Subject: [PATCH] v0.17.1 sanitize username for last.fm command

---
 bot.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/bot.py b/bot.py
index 4ca7967..f9b2496 100644
--- a/bot.py
+++ b/bot.py
@@ -32,7 +32,7 @@ from secret import token, lfmkey
 # CONFIGURATION
 
 # bot version
-version = "v0.17.0"
+version = "v0.17.1"
 
 # text shown by .help command
 helptext = """I am a Discord bot written in Python
@@ -90,8 +90,11 @@ def dtfromts(ts):
 
 # gets now playing information from last.fm
 def lastfm_np(username):
+    # sanitise username
+    cleanusername = re.sub(r'[^a-zA-Z0-9_-]', '', username, 0)
+
     # fetch xml from last.fm
-    r = http.request("GET", "https://ws.audioscrobbler.com/2.0/?method=user.getRecentTracks&user=" + username + "&limit=1&api_key=" + lfmkey)
+    r = http.request("GET", "https://ws.audioscrobbler.com/2.0/?method=user.getRecentTracks&user=" + cleanusername + "&limit=1&api_key=" + lfmkey)
 
     if r.status != 200:
         return "Couldn't get last.fm data for " + username