Hi Kim, GetFilename just appends the installation dir if necessary. I was able to rename c:\autoexec.bat and ..\testfile.txt which are both outside of the installation directory - that's why I added the VerifyFileInDirectoryTree function...
I think we should limit Read/WriteFile to the installation directory tree, as well. Brent --- Kim_Gr�sman <[EMAIL PROTECTED]> wrote: > Hi Brent, > > > We should also probably limit WriteFile with the > same > > restrictions as RenameFile as well. > > And finally, maybe even ReadFile shouldn't be able > to > > do anything outside the DQSD installation dir. > > I _think_ (provided I got the point of GetFilename > properly) that both > ReadFile and WriteFile are confined to the dqsd > install directory. > Both call GetFilename to build an absolute path from > the filename, but I > haven't really tested it with anything but relative > paths... > > Thanks for FileExists, by the way :) > > Kim > > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built > ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are > available now. > Download today and enter to win an XBOX or Visual > Studio .NET. > http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 > _______________________________________________ > DQSD-Devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/dqsd-devel __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ DQSD-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dqsd-devel
