- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Sun, 12 Sep 2004 00:12:37 +0200
- To: Terje Bless <link@pobox.com>
- Cc: public-qa-dev@w3.org, openjade-devel@lists.sourceforge.net

* Terje Bless wrote:
>Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
>
>>+ || dir[j] == '\\'
>
>I've not really parsed this code so it may be irrelevant, but my first concern
>at allowing the backslash character to appear anywhere is that it might allow
>escape sequences to get passed through (to the shell, or interpreted in C++
>land). Can you confirm that the current code is not susceptible to that?

It is only allowed if the list of search paths includes a backslash or slash on the same position (the user is responsible to ensure this does not cause any problem) or if the path starts with something that is a complete allowed search path (for which the user is responsible, too). I do not know of any problem this introduces on up-to-date systems that are affected by the change.

Received on Saturday, 11 September 2004 22:13:18 UTC