-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 12.09.2011 13:43, schrieb DaB.:
to prevent something like
"../../dab/text.xml" as parameter with would result in
"/home/drtrigon/xslt/"../../dab/text.xml" which would result to
"/home/dab/text.xml"
Yes I assumed something similar, BUT python 'open' does not accept
"/home/drtrigon/xslt/../../dab/text.xml" as path, it returns an
"IOError: [Errno 2] No such file or directory: ..."
My idea was just to create a list of all files I allow (in fact
all '.xslt' in the same dir as the script is) and check the given
parameter agains this.
Consider this list ["atom2html.xslt", "rss2html.xslt"] now if I
do a "xslt in ["atom2html.xslt", "rss2html.xslt"]" I would
have
caught all the possible cases with any combination of "../.." and
binary "\0" and else... or am I missing something here...?!? ;)
Thanks for all your patience!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk5t9lkACgkQAXWvBxzBrDDPogCgtop/ff/vQhmsRXouX4AsWYK/
TVcAoLD56DBBu1QCbBJJKLvUKoh1+mpx
=mOxH
-----END PGP SIGNATURE-----