[TYPO3-core] RFC: allow .. in names -> check for ../ (#3364)
Martin Kutschker
Martin.Kutschker at blackbox.net
Sat Apr 29 20:22:39 CEST 2006
Franz Holzinger <franz at fholzinger.com> writes on
Fri, 28 Apr 2006 21:47:31 +0200 (METDST):
> Hello Martin,
>
> this would lead to errors where someone has used '..' as a pathname
> without a trailing '/' in the call of t3lib_div::validPathStr().
>
> Is it a must that a pathname has a trailing '/' ?
I mean the check currently denies any .. within the path.
So "foo..bar" is invalid without any real reason. What should be forbidden is "../foo/bar" or "fo/../bar":
preg_match('#(?:^\.\.|/\.\./)#', $path)
Masi
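
An added example, not part of the original message or of TYPO3's code: it compares the "deny any .." behaviour described above, the pattern from the message, and a per-segment check on constructed sample paths, including the ".." without a trailing "/" raised in the quoted question. All function names are hypothetical, and "/" is assumed to be the only path separator.

```php
<?php
// Added illustration; these function names are hypothetical, not TYPO3 API.

// Behaviour described in the message: any ".." anywhere in the path is rejected.
function rejectsAnyDotDot(string $path): bool {
    return strpos($path, '..') !== false;
}

// The message's pattern (leading ".." or an inner "/../"), written with
// "#" delimiters and a closed group so that it compiles.
function rejectsByPattern(string $path): bool {
    return preg_match('#(?:^\.\.|/\.\./)#', $path) === 1;
}

// Per-segment check: reject only when a whole path segment is exactly "..".
// Assumption: "/" is the only separator (backslashes are not handled here).
function rejectsDotDotSegment(string $path): bool {
    return in_array('..', explode('/', $path), true);
}

// Constructed sample paths: a name containing "..", the two cases from the
// message, ".." with no trailing "/", a bare "..", and a name starting with "..".
$samples = ['foo..bar', '../foo/bar', 'fo/../bar', 'foo/..', '..', '..foo/bar'];

printf("%-12s %-10s %-10s %-10s\n", 'path', 'substring', 'pattern', 'segment');
foreach ($samples as $p) {
    printf(
        "%-12s %-10s %-10s %-10s\n",
        $p,
        rejectsAnyDotDot($p) ? 'reject' : 'allow',
        rejectsByPattern($p) ? 'reject' : 'allow',
        rejectsDotDotSegment($p) ? 'reject' : 'allow'
    );
}
```

The three checks disagree on "foo..bar", "foo/.." and "..foo/bar", which are the cases to decide on before the validation is relaxed.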