- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 11 Feb 2011 18:18:18 +0100
- To: Mark Nottingham <mnot@mnot.net>
- CC: httpbis Group <ietf-http-wg@w3.org>
On 10.02.2011 14:26, Julian Reschke wrote:
> On 10.02.2011 01:38, Mark Nottingham wrote:
>> Sorry, should have said -- this is #272.
>>
>>
>> On 10/02/2011, at 11:32 AM, Mark Nottingham wrote:
>>
>>> Section 3.3 Disposition Parameter: 'Filename' says
>>>
>>> """
>>> When the value contains path separator characters, all but the last
>>> segment SHOULD be ignored. This prevents unintentional overwriting of
>>> well-known file system location (such as "/etc//passwd").
>>> """
>>>
>>> However, "path separator characters" is not defined; should this be
>>> platform-specific, or should we nominate the characters in question?
>>> Either way, it needs to be more explicit.
>> ...
>
> If you want the filename to be usable across operating systems, you
> shouldn't use either "/" or "\".
>
> Thus, proposed text:
>
> "When the value contains one of the commonly used path separator
> characters ("/" and "\"), all but the last segment SHOULD be ignored.
> This prevents unintentional overwriting of well-known file system
> location (such as "/etc/passwd")."
>
> Best regards, Julian

In the meantime I noticed that the text already changed slightly before; this is what I have now:

   o  When the value contains path separator characters ("\" or "/"),
      recipients SHOULD ignore all but the last path segment. This
      prevents unintentional overwriting of well-known file system
      locations (such as "/etc/passwd").

(<http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1116>)

Best regards, Julian
Received on Friday, 11 February 2011 17:19:01 UTC
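
Added example (not part of the original message or of the httpbis draft): a recipient-side sketch of the "ignore all but the last path segment" rule that treats both "\" and "/" as separators on every platform, compared with a POSIX-only basename. The function names, the `download` fallback and the rejection of empty, "." and ".." segments are assumptions of this example, not wording from the draft.

```python
import posixpath
import re

# The two separators named in the draft text quoted above: "\" and "/".
_SEPARATORS = re.compile(r"[\\/]")


def last_path_segment(filename: str) -> str:
    """Return only the text after the final "/" or "\\" in filename."""
    return _SEPARATORS.split(filename)[-1]


def safe_save_name(filename: str, fallback: str = "download") -> str:
    """Apply the last-segment rule, then replace unusable segments.

    Assumption of this example (not in the draft): an empty segment, "."
    or ".." is replaced by a fixed fallback name chosen by the recipient.
    """
    segment = last_path_segment(filename)
    if segment in ("", ".", ".."):
        return fallback
    return segment


# Constructed sample filename parameter values.
SAMPLES = [
    "/etc/passwd",
    "..\\..\\autoexec.bat",
    "dir/sub\\report.pdf",
    "report.pdf",
    "uploads/",
    "a/..",
]


def compare(samples=SAMPLES):
    """Return (input, POSIX-only basename, both-separator result) rows."""
    return [(s, posixpath.basename(s), safe_save_name(s)) for s in samples]


if __name__ == "__main__":
    for raw, posix_only, both in compare():
        print(f"{raw!r:26} posix-only={posix_only!r:24} both={both!r}")
```

A recipient that strips only its own platform's separator leaves the other one in place, which is why the POSIX-only column returns the backslash samples unchanged.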