-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 12.09.2011 13:43, schrieb DaB.:
to prevent something like
"../../dab/text.xml" as parameter with would result in
"/home/drtrigon/xslt/"../../dab/text.xml" which would result to
"/home/dab/text.xml"
Yes I assumed something similar, BUT python 'open' does not accept "/home/drtrigon/xslt/../../dab/text.xml" as path, it returns an "IOError: [Errno 2] No such file or directory: ..."
My idea was just to create a list of all files I allow (in fact all '.xslt' in the same dir as the script is) and check the given parameter agains this. Consider this list ["atom2html.xslt", "rss2html.xslt"] now if I do a "xslt in ["atom2html.xslt", "rss2html.xslt"]" I would have caught all the possible cases with any combination of "../.." and binary "\0" and else... or am I missing something here...?!? ;)
Thanks for all your patience!