[Redbutton-devel] SF.net SVN: redbutton: [8] redbutton-download/trunk/command.c

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 8
Author:   skilvington
Date:     2006-03-02 03:22:44 -0800 (Thu, 02 Mar 2006)
ViewCVS:  http://svn.sourceforge.net/redbutton/?rev=8&view=rev

Log Message:
-----------
extra .. check when canonicalising ContentReferences

Modified Paths:
--------------
    redbutton-download/trunk/command.c
Modified: redbutton-download/trunk/command.c
===================================================================

--- redbutton-download/trunk/command.c	2006-03-02 11:11:58 UTC (rev 7)
+++ redbutton-download/trunk/command.c	2006-03-02 11:22:44 UTC (rev 8)
@@ -245,7 +245,7 @@
 	canon_cref = canonical_filename(cref + 3);
 
 	/* if the canonical name starts with "../", it is invalid */
-	if(strncmp(canon_cref, "../", 3) == 0)
+	if(strcmp(canon_cref, "..") == 0 || strncmp(canon_cref, "../", 3) == 0)
 		return NULL;
 
 	/* create the carousel filename, ie prepend the servive gateway directory */



This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.




