[TYPO3-core] RFC: allow .. in names -> check for ../ (#3364)
Franz Holzinger
franz at fholzinger.com
Sat Apr 29 20:57:18 CEST 2006
Martin Kutschker wrote:
>>Hello Martin,
>>
>>this would lead to errors where someone has used '..' as a pathname
>>without a trailing '/' in the call of t3lib_div::validPathStr().
>>
>>Is it a must that a pathname has a trailing '/' ?
>>
>>
>
>
>I mean the check currently denies any .. within the path.
>
>So "foo..bar" is invalid without any real reason. What should be forbidden is "../foo/bar" or "fo/../bar":
>
>preg_match('#(?:^\.\.|/\.\./)#', $path)
>
>
>
then it is ok.
+1
- Franz
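
The three readings of "no .. in a path" that come up in this thread, compared side by side. This is an added example, not part of the original messages and not TYPO3 code: the function names are hypothetical, the first function only models the current check as the thread describes it, and the segment-based variant and the sample paths are assumptions of the example.

```php
<?php
// Added example; the function names are hypothetical, not TYPO3 API.
// Each function returns true when the path is accepted.

// Model of the check as the thread describes it: any ".." is refused.
function validByAnyDoubleDot(string $path): bool
{
    return strpos($path, '..') === false;
}

// The pattern from the message, with '#' as delimiter so that '|' is free
// to act as alternation. A preg_match() error (false) counts as invalid.
function validByPattern(string $path): bool
{
    return preg_match('#(?:^\.\.|/\.\./)#', $path) === 0;
}

// Segment-based variant (an assumption of this example): refuse the path
// only when a whole segment equals "..", with or without a trailing slash.
function validBySegment(string $path): bool
{
    return !in_array('..', explode('/', $path), true);
}

// Constructed sample paths, including ".." without a trailing slash.
$samples = ['foo..bar', '../foo/bar', 'fo/../bar', '..', 'fo/bar/..', '..foo/bar'];

printf("%-12s %-9s %-9s %-9s\n", 'path', 'any ..', 'pattern', 'segment');
foreach ($samples as $p) {
    printf(
        "%-12s %-9s %-9s %-9s\n",
        $p,
        validByAnyDoubleDot($p) ? 'valid' : 'invalid',
        validByPattern($p) ? 'valid' : 'invalid',
        validBySegment($p) ? 'valid' : 'invalid'
    );
}
```

The checks only disagree on the edge cases: "fo/bar/.." has no trailing slash and passes the pattern, while "..foo/bar" is refused by the pattern although ".." is not a segment of its own.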