Should we check for ~ character too?

Sent from a phone

Den lör 29 dec. 2018 14:03Brian May <> skrev:

> Ola Lundqvist <> writes:
> > My conclusion however is about the same as you. I do not think many are
> > using the transformations so I think we can safely remove that.
> > Another option is to make a check for .. in the filename, because I think
> > we can safely assume an attacher do not have write permission in the
> > plugins directory, or can that be a problem too?
> I would think this should work too. If we are sure we are 100%
> preventing an attacker "escaping" the plugins directory that is.
> --
> Brian May <>

Reply via email to