[asterisk-dev] New manager action: CreateConfig
Jason Parker
jparker at digium.com
Tue Feb 12 10:02:09 CST 2008
Michiel van Baak wrote:
> On 16:16, Tue 12 Feb 08, Johansson Olle E wrote:
>> What happens if I use an argument of "../rc.conf" or "../passwd" ?
>>
>> I suggest we filter file name arguments for ".." and "/" in the
>> arguments of all these configuration actions.
>>
>> /O
>
> Please make that a regex like '^\.\.' and ^\/'
> I use subdirs to store my configs so filtering on plain /
> wont be nice for me
>
'^\.\.' is no good.
"fakedir/../../badfile" ~= "../badfile"
Only the latter would match that regex.
More information about the asterisk-dev
mailing list