måndag 09 februari 2009 04:58:03 skrev du:
> The earlier restriction was too narrow for some applications, for
> example repositories named "jgit.dev" and "jgit.test" are perfectly
> valid Git repositories and should still be able to be served by
> the daemon.
>
> By blocking out only uses of ".." as a path component and Windows
> UNC paths (by blocking "\") we can reasonably prevent the client
> from escaping the base dirctories configured in the daemon.
Didn't I tell you // is also UNC-prefix? Windows treats / == \ at the API
level. Also why test for contains one "\"? And why in the middle? The
UNC prefix can only occur at the beginning of a path. You can use
File.isAbsolute to see if a name represents an absolute path. It is
platform-depdendent, so new File("//foo/bar").isAbsolute() yield
different results on Windows and unix platforms.
-- robin
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
