[TYPO3-core] RFC: allow .. in names -> check for ../ (#3364)

Martin Kutschker Martin.Kutschker at blackbox.net
Sat Apr 29 20:22:39 CEST 2006


Franz Holzinger <franz at fholzinger.com> writes on 
Fri, 28 Apr 2006 21:47:31 +0200 (METDST):

> Hello Martin,
> 
> this would lead to errors where someone has used '..' as a pathname
> without a trailing '/' in the call of t3lib_div::validPathStr().
> 
> Is it a must that a pathname has a trailing '/' ?


I mean the check currently denies any .. within the path.

So "foo..bar" is invalid without any real reason. What should be forbidden is "../foo/bar" or "fo/../bar":

preg_match('|(?:^\.\.|/\.\./|',$path)

Masi 



More information about the TYPO3-team-core mailing list