Looks like someone found another bug in sh-httpd: http://lists.netsys.com/pipermail/full-disclosure/2003-October/012776.html
The first 2 chunks of the patch supplied looks OK, although I have not personally tested them. The third (and last) chunk of the patch should probably be tweaked to the following (again, not actually tested):
@@ -292,7 +292,7 @@
fi- DIR="`dname $URL`" + DIR="`dname \"$URL\"`" - FILE="`bname $URL`" + FILE="`bname \"$URL\"`"
Note that this bug is not a serious security issue if you have not allowed external internet access to the weblet server (blocked by default in all LEAF varients, so you'd have to explicitly enable access).
-- Charles Steinkuehler [EMAIL PROTECTED]
------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
