On Sun, Mar 16, 2008 at 02:17:08 +0100, > > ~ If I have access only to "dir1" then logically I have access to > "dir1/dir2/.." but not "dir1/.."
Yes but parsing the path is more work and if you can use dir1, why do you need to be able to write it as dir1/dir2/.. ? > ~ Are you saying that this is too complex for a C++ program to determine? Its possible, but there doesn't seem to be much benefit to allowing that. > ~ Finally, if functions and string literals in the C++ cannot be trusted > then > you have far worse problems on your hands than directory paths containing ".." Strings supplied by remote players or servers should not be trusted. If there are ones that can cause access to data they shouldn't have or get executed, that is a problem that should be fixed. _______________________________________________ Wesnoth-dev mailing list [email protected] https://mail.gna.org/listinfo/wesnoth-dev
