Hrvoje Niksic wrote:
Hrvoje Niksic <[EMAIL PROTECTED]> writes:
The code in question is:
if (!hs->local_file)
{
if (resp_header_copy (resp, "Content-Disposition", hdrval, sizeof
(hdrval)))
/* Honor Content-Disposition. */
{
hs->local_file = xstrdup (hdrval);
}
else
/* Choose filename according to URL name. */
{
hs->local_file = url_file_name (u);
}
}
I now see that this code has more serious problems than not parsing
Content-Disposition correctly. Specifically:
* The local name is copied from the header verbatim without inspecting
it for dangerous characters, such as "/" (on Windows also "\").
* There seems to be no code to check for uniqueness of file name. So
far Wget's philosophy has been not to overwrite file names by
default. If this is being changed, some people will be confused...
and it leaves too much room for abuse.
i was already aware of these problems. anyway, i just commited a patch
which implements correct parsing of HTTP Content-Disposition header.
* Now that the local name is determined and printed after the headers
have been received, shouldn't we remove the "local file has sprung
to existence" kludge? (See http://tinyurl.com/7b69q for details
about it.)
you're definitely right.
--
Aequam memento rebus in arduis servare mentem...
Mauro Tortonesi http://www.tortonesi.com
University of Ferrara - Dept. of Eng. http://www.ing.unife.it
GNU Wget - HTTP/FTP file retrieval tool http://www.gnu.org/software/wget
Deep Space 6 - IPv6 for Linux http://www.deepspace6.net
Ferrara Linux User Group http://www.ferrara.linux.it
