diff options
author | Max Kellermann <max@duempel.org> | 2008-10-31 16:48:58 +0100 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2008-10-31 16:48:58 +0100 |
commit | f291876772d1283433924518f87e639e17901a17 (patch) | |
tree | e9ce02c3dde705d62e377f0e590ca0d2fa3b1cb2 /TODO | |
parent | a5f8d4386c3d7b59bab15499d5d70f8d2713626f (diff) | |
download | mpd-f291876772d1283433924518f87e639e17901a17.tar.gz mpd-f291876772d1283433924518f87e639e17901a17.tar.xz mpd-f291876772d1283433924518f87e639e17901a17.zip |
mapper: check for "." and ".."
Make map_directory_child_fs() refuse the names "." and "..". This is
currently the interface where an attacker may inject a manipulated
path (through the "update" command).
Diffstat (limited to 'TODO')
0 files changed, 0 insertions, 0 deletions