URL:
<http://gna.org/bugs/?13080>
Summary: On some filesystems, users can overwrite each
others' add-ons on add-on servers
Project: Battle for Wesnoth
Submitted by: dfranke
Submitted on: Friday 02/27/2009 at 03:15
Category: Bug
Severity: 6 - Security
Priority: 5 - Normal
Item Group: None of the others
Status: None
Privacy: Private
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: 1.511+svn
Operating System: Windows, OS X
_______________________________________________________
Details:
I haven't gotten the chance to set up a Windows or OS X box to test this, but
after going over the code I'm fairly certain of it: when the campaign server
is backed by a non-case-sensitive filesystem, users can overwrite each
others' campaigns. Campaigns are keyed by their name, which is
case-sensitive, and stored to a file with the same name. So, if you upload a
campaign with a name that differs from another only in case, you overwrite the
other campaign's file. On Windows we also need to look out for DOS-legacy
aliasing, e.g. 'Microsoft' == 'Micros~1'.
_______________________________________________________
Reply to this item at:
<http://gna.org/bugs/?13080>
_______________________________________________
Message sent via/by Gna!
http://gna.org/
_______________________________________________
Wesnoth-bugs mailing list
[email protected]
https://mail.gna.org/listinfo/wesnoth-bugs
