W3C home > Mailing lists > Public > public-qa-dev@w3.org > September 2004

Re: [wmvs] OpenSP -R and Win32

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Sun, 12 Sep 2004 00:12:37 +0200
To: Terje Bless <link@pobox.com>
Cc: public-qa-dev@w3.org, openjade-devel@lists.sourceforge.net
Message-ID: <41446ffc.58311086@smtp.bjoern.hoehrmann.de> 

* Terje Bless wrote:
>Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
>
>>+ || dir[j] == '\\'
>
>I've not really parsed this code so it may be irrelevant, but my first concern
>at allowing the backslash character to appear anywhere is that it might allow
>escape sequences to get passed through (to the shell, or interpreted in C++
>land). Can you confirm that the current code is not susceptible to that?

It is only allowed if the list of search paths includes a backslash or
slash on the same position (the user is responsible to ensure this does
not cause any problem) or if the path starts with something that is a
complete allowed search path (for which the user is responsible, too).
I do not know of any problem this introduces on up-to-date systems that
are affected by the change.
Received on Saturday, 11 September 2004 22:13:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 August 2010 18:12:44 GMT