POV-Ray: Newsgroups: povray.windows: Can't read ../../file.inc: Re: Can't read ../../file.inc

POV-Ray : Newsgroups : povray.windows : Can't read ../../file.inc : Re: Can't read ../../file.inc		Server Time 24 Apr 2024 03:57:43 EDT (-0400)

From: clipka
Date: 16 Feb 2011 17:28:30
Message: <4d5c4f8e$1@news.povray.org>

Am 16.02.2011 20:51, schrieb Darren New:
> clipka wrote:
>>> STOP, that is no bug, that is by design!
>>
>> What? You mean that it strips any "../.." ???
>
> One would think that at worst the bug would be "it silently gives the
> wrong result instead of reporting an error."
>
> If the intention is to disallow ".." at the start of the string for
> security purposes, it should give an error rather than point at a
> different file (which would be its own security problem right there). If
> it's not security-related, I'm really curious how this could be
> considered a feature.

 From the code it is pretty obvious that the original intention is to 
eliminate ".." from paths like "foo/bar/../fnord" by contracting it to 
"foo/../fnord" - no security stuff intended there.

Also note that paths having the form "../foo" are passed unharmed.

Post a reply to this message