[Bug 113483] Re: kpf fails to serve file names containing ~
Tzvetan Mikov
tmikov at gmail.com
Wed May 9 02:14:36 UTC 2007
I think I have isolated the problem in the source. It is in kdenetwork-3.5.6/kpf/src/Server.cpp lines 252-265:
// If there's .. or ~ in the path, we disallow. Either there's a mistake
// or someone's trying to h at x0r us. I wouldn't have worried about ~
// normally, because I don't do anything with it, so the resource would
// simply not be found, but I'm worried that the QDir/QFile/QFileInfo
// stuff might try to expand it, so I'm not taking any chances.
if (d->request.path().contains("..") || d->request.path().contains('~'))
{
kpfDebug << d->id << ": readRequest: bogus path" << endl;
d->state = Responding;
respond(403);
emit(readyToWrite(this));
return false;
}
I am not familiar with KDE development, so I am not sure whether the
author is correct that QDir/QFile/QFileInfo expand "~". It seems strange
and in any case forbidding all files containing "~" is not the correct
solution for sure. I will e-mail the upstream author (which I probably
should have done on the first place, before reporting it here).
--
kpf fails to serve file names containing ~
https://bugs.launchpad.net/bugs/113483
You received this bug notification because you are a member of Kubuntu
Team, which is a bug contact for kdenetwork in ubuntu.
More information about the kubuntu-bugs
mailing list