Testing fixes for security improvement, thread safety, and memory management.

src/fenrirscreenreader/soundDriver/genericDriver.py

@@ -44,10 +44,14 @@ class driver(soundDriver):
             return
         if interrupt:
             self.cancel()
+        # Validate file path to prevent injection
+        import os
+        if not os.path.isfile(filePath) or '..' in filePath:
+            return
         popenSoundFileCommand = shlex.split(self.soundFileCommand)
         for idx, word in enumerate(popenSoundFileCommand):
             word = word.replace('fenrirVolume', str(self.volume ))
-            word = word.replace('fenrirSoundFile', str(filePath))
+            word = word.replace('fenrirSoundFile', shlex.quote(str(filePath)))
             popenSoundFileCommand[idx] = word
         self.proc = subprocess.Popen(popenSoundFileCommand, shell=False)
         self.soundType = 'file'