On Sat, May 26, 2007 at 13:35:37 +0200, roadie <[EMAIL PROTECTED]> wrote: > > The idea is to let the client gzip the campaign and upload it to the > server. Other clients download this gzipped campaign and unpack it > locally. Since I'm busy with rewriting the campaign server I want to add > this feature.
There are security implications in doing this. The client downloading a campaign needs to make sure that the files are all in fact placed in the campaign directory. There should also be some sanity checking to check for zip bombs so that when unpacking if the campaign goes over a configured size, the process is aborted. It would be nice to catch these on the server when uploading campaigns as well. It wouldn't strictly cause problems for the server if they are stored in zip format, but will save us some complaints if some classes of malware get uploaded to the campaign server. _______________________________________________ Wesnoth-dev mailing list [email protected] https://mail.gna.org/listinfo/wesnoth-dev
