Patrick Steinhardt <ps@xxxxxx> writes: >> I am reluctant to use wildmatch() but I would expect that in >> practice "leading path matches" (in other words, "everything under >> this directory is OK") is sufficient, perhaps? > > Is there any particular reason why you don't want to use wildmatch? Mostly out of the principle to avoid anything more complex than absolutely necessary in a security relevant code path. It is called "superstition" in other languages ;-).
