[Tickets #7646] Re: Driver 'file' fails to open files with '..' anywhere in name
bugs at horde.org
bugs at horde.org
Mon Jun 7 11:11:17 UTC 2010
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/7646
------------------------------------------------------------------------------
Ticket | 7646
Updated By | Valentin.Vidic at CARNet.hr
Summary | Driver 'file' fails to open files with '..' anywhere
| in name
Queue | Gollem
Version | 1.0.3
Type | Bug
State | No Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
+New Attachment | file.php.diff
------------------------------------------------------------------------------
Valentin.Vidic at CARNet.hr (2010-06-07 07:11) wrote:
Noticed the same problem: gollem doesn't work correctly for files with
multiple consecutive dots in name. Patch for this is attached. Since
basename already removes directory path from the name there is no need
to remove consecutive dots from the file name. The only security
problem to check is the file name equal to ".."
More information about the bugs
mailing list