Hi, On Tuesday 13 February 2007 18:04, Martin Preuss wrote: [...] > On Tuesday 13 February 2007 17:49, Christian Stimming wrote: [...] > > This happens in hbci.c in AH_HBCI_AddUserPath() and > > AH_HBCI_AddObjectPath because GWEN_Path_Convert(..., > > GWEN_PATH_FLAGS_ESCAPE) is called there that should escape the whole > > path. It is clearly wrong that this escapes the initial "C:\" as well. > > Should we remove that GWEN_Path_Convert altogether? Martin, any idea? > > [...] > > No, it should not be removed, because the ID which is part of the path > *needs* to be escaped (otherwise a user could use a crafted user id to > read/write to other folders). > > Maybe we should - on windows only - handle the prefix "?:\" differently... > But that should not be in the convert function... I will have to look into > that. [...]
Hmm, I see: It should suffice to just convert the user id, not the whole string... I will have to change that. Regards Martin -- "Things are only impossible until they're not" AqBanking - http://www.aqbanking.de/ LibChipcard - http://www.libchipcard.de/ ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Aqbanking-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/aqbanking-devel
