On Thu, Feb 18, 2010 at 6:21 AM, xor <[email protected]> wrote: > On Wednesday 17 February 2010 18:21:59 Matthew Toseland wrote: >> + private static final boolean operatingSystemIsWindows() { // TODO: Move >> to the proper class + try { >> + return System.getProperty("os.name").toLowerCase().indexOf("win") >= 0; >> + } catch(Throwable t) { >> + return true; // :) >> + } >> + } >> >> IMHO this is dodgy, other OSs might have "win" in them. Normally we just >> check if File.separator is "\". > > Generally if we're not on Windows then more characters are allowed in > filenames so false positives are better than false negatives.
No. OS X have another set of complex rules. They even do Unicode normalization (ugh.) >> I am not convinced that the rest of the change is a good idea. For example >> allowing HTML markup in filenames might combine with sloppy code to cause >> problems. Allowing % in url's might again cause issues. Allowing pipes, >> <>, >> and spaces might cause problems with filenames copied to a shell. I guess >> it should depend on the configuration i.e. how paranoid the user is. > > I think you're being too paranoid here. Filenames are like one of the first > things which are implemented in a new operating system, if any operating > system is exploitable only via special characters in filenames then it is > not our problem. And we should just fix our % encoder instead of being > paranoid about problems with it. I guess I will have a look at it now.... > _______________________________________________ > Devl mailing list > [email protected] > http://osprey.vm.bytemark.co.uk/cgi-bin/mailman/listinfo/devl > _______________________________________________ Devl mailing list [email protected] http://osprey.vm.bytemark.co.uk/cgi-bin/mailman/listinfo/devl
