Re: IRM Security Advisory 002: Netware Web Server Source Disclosure

On Thu, 20 Dec 2001, eNowak IGF remote wrote:

>       // only read file which is under the secure sewse path -- hence filtering ".."
>       if ((argv[i]).indexOf("..") != -1)
>       { return "Cannot read from insecure path."; }

This fix does not seem to allow people to use filenames that include the 
characters ".." (i.e., "my_document..ulf.txt" is not valid). It is probably 
better to parse the file name, so you know what parts are directories and 
what part is the file name, and then check the directory parts for the 
exact strings "." and "..".

________________________________________
Ulf Härnhammar
System Developer

ST-Registry
St Eriksgatan 117, E2
SE-113 43 Stockholm
SWEDEN

Telephone:	+46 (0)8-545 476 04
Facsimile:	+46 (0)8-32 63 33

E-mail:	ulf@nic.st
Web: http://www.nic.st/

The STreet domain - your Internet address
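
The component-wise check suggested in the reply above, next to the substring test from the quoted fix. This is an added example, not code from the thread or from the vendor; the function names and sample paths are constructed, it assumes the argument is already URL-decoded, and it goes slightly beyond the reply by also splitting on "\" and refusing a dot-only file name.

```javascript
// Added example; function names and sample paths are constructed.
// Assumes the argument has already been URL-decoded by the caller.

// Substring test as in the quoted fix: any ".." anywhere is refused.
function substringCheck(path) {
  return path.indexOf("..") === -1;
}

// Component test: split into directory parts and a file name, then
// compare each part against the exact strings "." and "..".
function componentCheck(path) {
  const parts = path.split(/[\\/]/);   // accept "/" and "\" as separators
  const fileName = parts.pop();
  // Assumption: a request must name a file, so an empty or dot-only
  // last component is refused as well.
  if (fileName === "" || fileName === "." || fileName === "..") {
    return false;
  }
  return parts.every((dir) => dir !== "." && dir !== "..");
}

// Constructed sample inputs.
const samples = [
  "docs/readme.txt",
  "docs/my_document..ulf.txt",
  "docs/../private/config.txt",
  "docs\\..\\private\\config.txt",
  "./docs/readme.txt",
];

// Run both checks over each path so the differences are visible.
function compare(paths) {
  return paths.map((p) => ({
    path: p,
    substring: substringCheck(p),
    component: componentCheck(p),
  }));
}

console.table(compare(samples));
```

The component test only validates the parts of the name; it does not by itself confirm that the file finally opened lies under the intended base directory.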

