On 9 Jun 2001, at 10:44, Kevin Meltzer wrote:

> If it is under the control of your CGI, and you use proper data laundering and
> checking on paths being created, you shouldn't have a security issue.

Or just plain don't create paths through CGI (or for any other trivial
reason). That's me. Though it's something I'll keep in mind when I
do have a need for path creation. (I'll probably be limiting
pathnames to alpha/numeric/underscore when I do, though, just to
keep URLs clean, because I hate "%". Aesthetically displeasing.)

But really, I blame whoever was developing the filesystem and
thought it would be a good idea to allow newlines as a valid
character at all. Spaces, too. Bah, I say. Bah!

I'm suddenly flashing back to the old Apple ][ hidden-character
filenames. And I didn't even *own* an Apple ][.

> And bats aren't really blind :)
> That's relativity." --Albert Einstein

And Einstein didn't really say that (hey, this game is fun).
--
Karen J. Cravens ([EMAIL PROTECTED])
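
Added example, not part of the original message or thread: a sketch of the alpha/numeric/underscore allow-list mentioned above, showing why the usual `^...$` pattern still lets a trailing newline through and how a full-string match closes that gap. The function names, the 64-character limit and the sample inputs are assumptions made for illustration.

```python
import os
import re

# Allow-list from the message: letters, digits and underscore only.
# The 64-character limit is an assumed bound, not something the thread states.
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9_]{1,64}")

# Common but flawed check: "$" also matches just before a trailing newline,
# so "reports\n" passes even though newline is not in the character class.
NAIVE_COMPONENT = re.compile(r"^[A-Za-z0-9_]+$")


def naive_accepts(name):
    """Return True if the flawed ^...$ pattern would accept this name."""
    return NAIVE_COMPONENT.match(name) is not None


def launder_component(name):
    """Return name unchanged if it is one safe path component, else raise."""
    # fullmatch() requires the pattern to cover the entire string, so a
    # trailing newline, a space, "%", "/" or ".." are all rejected.
    if not isinstance(name, str) or SAFE_COMPONENT.fullmatch(name) is None:
        raise ValueError("rejected path component: %r" % (name,))
    return name


def build_path(base_dir, components):
    """Join laundered components under base_dir and confirm containment."""
    base = os.path.realpath(base_dir)
    safe = [launder_component(c) for c in components]
    target = os.path.realpath(os.path.join(base, *safe))
    # Defence in depth: a symlink under base_dir could still point elsewhere.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target


if __name__ == "__main__":
    # Constructed sample inputs, as a CGI parameter might supply them.
    for sample in ["reports_2001", "reports\n", "a b", "..", "%2e%2e", ""]:
        try:
            launder_component(sample)
            verdict = "accepted"
        except ValueError:
            verdict = "rejected"
        print("%-16r naive=%-5s strict=%s" % (sample, naive_accepts(sample), verdict))
```
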