anewt-developers team mailing list archive

Thread
Date

[Bug 3279] Re: SafeFilenameValidator

To: anewt-developers@xxxxxxxxxxxxxxxxxxx
From: "Sander van Schouwenburg \(Sandworm\)" <work@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 31 Mar 2009 17:52:12 -0000
Reply-to: Bug 3279 <3279@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

If you're talking about the file upload control then no, this probably
doesn't make a lot of sense. File uploads only specify a filename, not a
directory. In the past I've used complex file upload controls with an
option of manually specifying a file on the server, but I don't believe
the version in anewt has this option.

I'm not really sure about a potential exploit with uploading a file with
special/directory characters in the name. It's possible they are not
properly escaped, but I'm not really sure how to test this. Windows
doesn't allow me to create a file with a '/' or '\' in the name, and I
don't think the browsers allow me to manually override the filename.

-- 
SafeFilenameValidator
https://bugs.launchpad.net/bugs/3279
You received this bug notification because you are a member of Anewt
developers, which is subscribed to Anewt.