W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: Content-Location: path separator characters [#272]

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 11 Feb 2011 18:18:18 +0100
Message-ID: <4D556F5A.1060608@gmx.de>
To: Mark Nottingham <mnot@mnot.net>
CC: httpbis Group <ietf-http-wg@w3.org>
On 10.02.2011 14:26, Julian Reschke wrote:
> On 10.02.2011 01:38, Mark Nottingham wrote:
>> Sorry, should have said -- this is #272.
>>
>>
>> On 10/02/2011, at 11:32 AM, Mark Nottingham wrote:
>>
>>> Section 3.3 Disposition Parameter: 'Filename' says
>>>
>>> """
>>> When the value contains path separator characters, all but the last
>>> segment SHOULD be ignored. This prevents unintentional overwriting of
>>> well-known file system location (such as "/etc//passwd").
>>> """
>>>
>>> However, "path separator characters" is not defined; should this be
>>> platform-specific, or should we nominate the characters in question?
>>> Either way, it needs to be more explicit.
>> ...
>
> If you want the filename to be usable across operating systems, you
> shouldn't use either "/" or "\".
>
> Thus, proposed text:
>
> "When the value contains one of the commonly used path separator
> characters ("/" and "\"), all but the last segment SHOULD be ignored.
> This prevents unintentional overwriting of well-known file system
> location (such as "/etc/passwd")."
>
> Best regards, Julian

In the meantime I noticed that the text already changed slightly before; 
this is what I have now:

    o  When the value contains path separator characters ("\" or "/"),
       recipients SHOULD ignore all but the last path segment.  This
       prevents unintentional overwriting of well-known file system
       locations (such as "/etc/passwd").

(<http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1116>)

Best regards, Julian
Received on Friday, 11 February 2011 17:19:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT