http://d.puremagic.com/issues/show_bug.cgi?id=3420


Don <clugd...@yahoo.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[PATCH] Allow string import |Allow string import of
                   |of files using              |files using subdirectories
                   |subdirectories              |
           Severity|regression                  |enhancement


--- Comment #19 from Don <clugd...@yahoo.com.au> 2010-09-20 04:45:03 PDT ---
This link:

https://www.securecoding.cert.org/confluence/display/seccode/FIO02-C.+Canonicalize+path+names+originating+from+untrusted+sources

states that:

"Producing canonical file names for Windows operating systems is extremely
complex and beyond the scope of this standard. The best advice is to try to
avoid making decisions based on a path, directory, or file name [Howard 2002].
Alternatively, use operating-system-based mechanisms, such as access control
lists (ACLs) or other authorization techniques."

Thus, this issue might not be fixable on Windows. 
I'm downgrading this all the way from 'regression' to 'enhancement', since it
was a security bug that it ever worked at all. Perhaps the bug should just be
closed.
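For contrast with the Windows caveat quoted above, here is an added example (not part of the original comment, and not the D compiler's code) of a canonicalize-then-compare containment check on POSIX only, using `realpath()`. The names `import_allowed`, `demo` and the `imports` directory layout are hypothetical, and the file tree is constructed in a temporary directory.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if base/rel resolves to an existing file inside base. */
int import_allowed(const char *base, const char *rel)
{
    char joined[PATH_MAX], cbase[PATH_MAX], cfile[PATH_MAX];
    if (rel[0] == '/') return 0;                  /* reject absolute names */
    if (snprintf(joined, sizeof joined, "%s/%s", base, rel) >= (int)sizeof joined)
        return 0;                                 /* reject truncated names */
    /* realpath() resolves ".", ".." and symlinks; it fails on missing files */
    if (!realpath(base, cbase) || !realpath(joined, cfile)) return 0;
    size_t n = strlen(cbase);
    if (n == 1) return 1;                         /* base is "/" */
    /* match must end on a separator: /x/imports must not admit /x/imports-evil */
    return strncmp(cfile, cbase, n) == 0 && cfile[n] == '/';
}

static void touch(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f) fclose(f);
}

/* Builds a constructed tree in a temp dir; returns one result bit per probe. */
int demo(void)
{
    char root[] = "/tmp/strimpXXXXXX";
    if (!mkdtemp(root) || chdir(root) != 0) return -1;
    mkdir("imports", 0700);
    mkdir("imports/sub", 0700);
    mkdir("imports-evil", 0700);
    touch("imports/sub/ok.txt");
    touch("secret.txt");
    touch("imports-evil/x.txt");
    if (symlink("../secret.txt", "imports/link") != 0) return -1;
    const char *probes[] = { "sub/ok.txt", "sub/../sub/ok.txt", "../secret.txt",
                             "link", "../imports-evil/x.txt", "/etc/hostname" };
    int bits = 0;
    for (int i = 0; i < 6; i++)
        bits |= import_allowed("imports", probes[i]) << i;
    return bits;   /* only the first two probes stay inside the directory */
}
int main(void) { printf("%d\n", demo()); return 0; }
```

The check and the later open of the file are separate steps, so a path that changes between them is not covered by this function.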
