[TYPO3-core] RFC: allow .. in names -> check for ../ (#3364)
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Mon May 15 21:40:26 CEST 2006
Martin Kutschker wrote:
> Franz Holzinger <franz at fholzinger.com> writes on
> Fri, 28 Apr 2006 21:47:31 +0200 (METDST):
>
>> Hello Martin,
>>
>> this would lead to errors where someone has used '..' as a pathname
>> without a trailing '/' in the call of t3lib_div::validPathStr().
>>
>> Is it a must that a pathname has a trailing '/' ?
>
>
> I mean the check currently denies any .. within the path.
>
> So "foo..bar" is invalid without any real reason. What should be forbidden is "../foo/bar" or "fo/../bar":
>
> preg_match('#(?:^\.\.|/\.\./)#', $path)
Committed (HEAD, TYPO3_4-0)
Masi
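
The difference between rejecting any `..` substring and rejecting only `..` used as a path segment, as an added example that is not part of the original message or of TYPO3's code. The function names and sample paths are constructed; the pattern is the one quoted above with its closing parenthesis restored and `#` as the delimiter.

```php
<?php
// Added example, not TYPO3 code. All function names are hypothetical.

// Behaviour the thread describes as current: any ".." anywhere is rejected.
function deniesAnyDotDot(string $path): bool
{
    return strpos($path, '..') !== false;
}

// Pattern proposed in the thread: ".." at the start, or "/../" inside.
function deniesByProposedPattern(string $path): bool
{
    return preg_match('#(?:^\.\.|/\.\./)#', $path) === 1;
}

// Segment check: reject only when a whole path segment equals "..".
function deniesDotDotSegment(string $path): bool
{
    // Assumption: backslashes may appear as separators, so normalise them first.
    $segments = explode('/', str_replace('\\', '/', $path));
    return in_array('..', $segments, true);
}

// Constructed sample paths, including the ones named in the thread.
$samples = ['foo..bar', '../foo/bar', 'fo/../bar', 'foo/..', '..', '..foo/bar', 'foo/bar'];

printf("%-12s %-8s %-9s %-8s\n", 'path', 'any ..', 'proposed', 'segment');
foreach ($samples as $p) {
    printf(
        "%-12s %-8s %-9s %-8s\n",
        $p,
        deniesAnyDotDot($p) ? 'deny' : 'allow',
        deniesByProposedPattern($p) ? 'deny' : 'allow',
        deniesDotDotSegment($p) ? 'deny' : 'allow'
    );
}
```

The rows for `foo/..` and `..foo/bar` are where the proposed pattern and the segment check disagree: the pattern allows a trailing `..` segment and denies a name that merely begins with two dots.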