On Sat, May 26, 2007 at 10:51:26 -0500, Bruno Wolff III <[EMAIL PROTECTED]> wrote: > > There are security implications in doing this. The client downloading > a campaign needs to make sure that the files are all in fact placed > in the campaign directory. There should also be some sanity checking
I forgot there should also be sanity checking on path names. (There is already code in the current download and upload functions to do some of this.) You generally want to avoid special characters in path names. The special .. sequence is especially dangerous on unix like systems. _______________________________________________ Wesnoth-dev mailing list [email protected] https://mail.gna.org/listinfo/wesnoth-dev
