Should we check for the ~ character too?

Sent from a phone
On Sat 29 Dec 2018 14:03 Brian May <[email protected]> wrote:

> Ola Lundqvist <[email protected]> writes:
>
> > My conclusion however is about the same as yours. I do not think many are
> > using the transformations so I think we can safely remove that.
> > Another option is to make a check for .. in the filename, because I think
> > we can safely assume an attacker does not have write permission in the
> > plugins directory, or can that be a problem too?
>
> I would think this should work too. If we are sure we are 100%
> preventing an attacker "escaping" the plugins directory that is.
> --
> Brian May <[email protected]>
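Added example, not part of the original thread and not the project's own code: a Python sketch that runs the ".." substring check discussed above next to a resolved-path containment check, including a name that contains "~". The directory layout, file names and function names are constructed for illustration.

```python
import os
import tempfile


def naive_is_safe(name: str) -> bool:
    """The check proposed in the thread: reject any name containing '..'."""
    return ".." not in name


def resolve_in_plugins(plugins_dir: str, name: str):
    """Return the resolved path if it stays inside plugins_dir, else None."""
    base = os.path.realpath(plugins_dir)
    # os.path.join discards `base` when `name` is absolute, and realpath
    # collapses '..' and follows symlinks, so one comparison covers all three.
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def demo():
    """Map each constructed name to (naive verdict, containment verdict)."""
    names = [
        "example_plugin.php",      # ordinary plugin file
        "sub/example_plugin.php",  # plugin in a subdirectory
        "../outside.php",          # parent-directory reference
        "/etc/hostname",           # absolute path, contains no '..'
        "~/outside.php",           # '~' is only expanded by a shell or
                                   # os.path.expanduser; here it is literal
        "a..b.php",                # harmless name that contains '..'
    ]
    with tempfile.TemporaryDirectory() as root:
        plugins = os.path.join(root, "plugins")
        os.makedirs(os.path.join(plugins, "sub"))
        return {
            n: (naive_is_safe(n), resolve_in_plugins(plugins, n) is not None)
            for n in names
        }


if __name__ == "__main__":
    for name, (naive, contained) in demo().items():
        print(f"{name!r:28} naive_ok={naive!s:5} contained={contained}")
```

The two checks disagree on the absolute path (accepted by the substring check, rejected by containment) and on `a..b.php` (the reverse), while the `~` name stays inside the plugins directory because nothing in the path handling expands it.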
