* Ignace Mouzannar [2016-03-30 22:09:42 -0400]:
> Thank you for reporting this issue. Here is the fix I intend to push
> in src/wiki.c. I have tested the solution on my didiwiki installation,
> and it seems to be working fine.
It still feels somewhat hit-and-miss.
> if (strncmp(page_name, "/", 1) == 0)
>     return FALSE;
OK, except that it seems inefficient to call strncmp() for what is really
a single-byte comparison.
> if (strncmp(page_name, "./", 2) == 0)
>     return FALSE;
Why? What is wrong with a leading ./ ? It's redundant but quite safe.
Also, why forbid a leading ./ but not an embedded /./ ? I'm inclined
to skip this check entirely.
> if (strncmp(page_name, "..", 2) == 0)
>     return FALSE;
Rules out a page named ..like.this. Maybe you meant strcmp(page_name, "..") ?
> if (strstr(page_name, "../"))
>     return FALSE;
Rules out a page named like../this.
> if (strstr(page_name, "/.."))
>     return FALSE;
Rules out a page named like/..this.
Some of these checks are redundant if one guards against page_name pointing to
a directory. (This can be checked separately at the end, or when the file is
opened.) Then the only .. checks one needs are
strncmp(page_name, "../", 3)
and
strstr(page_name, "/../")
since the remaining cases "..", "*/.." will be caught by the no-directory rule.
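As an added illustration that is not part of this thread or of didiwiki's own code, the reduced rule set above written out in C: a one-byte absolute-path test, the two remaining ".." string checks, and a separate directory check standing in for the "no-directory rule". The names `page_name_is_safe`, `path_is_directory` and `page_is_accessible` are hypothetical helpers, not functions from src/wiki.c.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* String-level checks only: refuse absolute paths, a leading "../" and an
 * embedded "/../". Names such as "..like.this", "like../this" and
 * "like/..this" pass, as do a leading "./" and an embedded "/./". */
static bool page_name_is_safe(const char *page_name)
{
    if (page_name == NULL || page_name[0] == '\0')
        return false;
    if (page_name[0] == '/')                    /* single-byte test, no strncmp needed */
        return false;
    if (strncmp(page_name, "../", 3) == 0)      /* leading parent reference */
        return false;
    if (strstr(page_name, "/../") != NULL)      /* embedded parent reference */
        return false;
    return true;                                /* "..", "x/.." still get through here */
}

/* The "no-directory rule": ".." and "x/.." always name a directory, so
 * refusing directories covers them. Hypothetical helper; checking the
 * opened descriptor with fstat() instead of the path avoids a race. */
static bool path_is_directory(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

/* A name is usable when the string checks pass and it does not resolve to
 * a directory. A name that does not exist yet is simply a new page. */
static bool page_is_accessible(const char *page_name)
{
    return page_name_is_safe(page_name) && !path_is_directory(page_name);
}

int main(void)
{
    /* Constructed sample names covering the cases discussed in the reply. */
    const char *names[] = { "..like.this", "like../this", "like/..this",
                            "./readme", "a/./b", "../outside",
                            "docs/../outside", "/absolute/page", "..", "./.." };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-16s safe=%d accessible=%d\n", names[i],
               page_name_is_safe(names[i]), page_is_accessible(names[i]));
    return 0;
}
```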