clipka <ano### [at] anonymousorg> wrote:
> On 16.02.2011 20:51, Darren New wrote:
> From the code it is pretty obvious that the original intention is to
> eliminate ".." from paths like "foo/bar/../fnord" by contracting it to
> "foo/../fnord" - no security stuff intended there.
What is the point of doing path contraction, if not for security purposes?
Otherwise you are introducing code with no benefit. The OS is going to handle
../ just fine for you already.
Someone above said "../ at the start of the path". Don't forget that
foo/../../../../etc/passwd is legal.
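The point made in the reply above, as an added example (not code from the thread or from the project being discussed): a test for "../" only at the start of a path accepts foo/../../../../etc/passwd, while a lexical contraction that counts how far ".." climbs rejects it. The function names are hypothetical, paths are assumed to be relative and POSIX-style, and symlinks are not resolved.

```python
def naive_check(path):
    """Weak test: reject only a path that begins with '../'."""
    return not path.startswith("../")


def contract(path):
    """Lexically contract '.' and '..' in a POSIX-style relative path.

    Returns (contracted_path, escapes). 'escapes' is True when some '..'
    climbs above the directory the path is relative to. This is purely
    textual: a symlink inside the tree can still lead outside it.
    """
    stack = []   # directory names still present after contraction
    up = 0       # number of '..' components that could not be cancelled
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if stack:
                stack.pop()      # 'bar/..' cancels out
            else:
                up += 1          # nothing left to cancel: leaves the base
        else:
            stack.append(part)
    contracted = "/".join([".."] * up + stack) or "."
    return contracted, up > 0


def is_contained(path):
    """Accept only relative paths whose contraction stays under the base."""
    if path.startswith("/"):
        return False
    return not contract(path)[1]


if __name__ == "__main__":
    # Constructed sample inputs; the third is the path quoted in the reply.
    for p in ("foo/bar/../fnord", "../secret.txt",
              "foo/../../../../etc/passwd", "foo/./bar"):
        print(f"{p!r:32} naive={naive_check(p)!s:5} "
              f"contained={is_contained(p)!s:5} -> {contract(p)[0]}")
```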