aboutsummaryrefslogtreecommitdiffstats
path: root/TODO
diff options
context:
space:
mode:
authorMax Kellermann <max@duempel.org>2008-10-31 16:48:58 +0100
committerMax Kellermann <max@duempel.org>2008-10-31 16:48:58 +0100
commitf291876772d1283433924518f87e639e17901a17 (patch)
treee9ce02c3dde705d62e377f0e590ca0d2fa3b1cb2 /TODO
parenta5f8d4386c3d7b59bab15499d5d70f8d2713626f (diff)
downloadmpd-f291876772d1283433924518f87e639e17901a17.tar.gz
mpd-f291876772d1283433924518f87e639e17901a17.tar.xz
mpd-f291876772d1283433924518f87e639e17901a17.zip
mapper: check for "." and ".."
Make map_directory_child_fs() refuse the names "." and "..". This is currently the interface where an attacker may inject a manipulated path (through the "update" command).
Diffstat (limited to 'TODO')
0 files changed, 0 insertions, 0 deletions