I've pushed code to forbid symlinks with ".." components. That's the best we can do for now, I believe. Implementing path traversal in user space, making sure it is used everywhere, and making it reasonably fast and portable seems too much in the short term.
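A sketch of the kind of check the message describes, added here as an illustration and not the code that was pushed: it flags symlinks whose target contains a `..` component, reading each target with `readlink` and never resolving it. The function names and the sample tree are constructed for this example.

```python
import os
import tempfile


def has_dotdot(target):
    """True if any path component of a symlink target is exactly '..'."""
    return ".." in target.split("/")


def find_dotdot_symlinks(root):
    """Return paths (relative to root) of symlinks whose target has a '..'
    component. Links are inspected with readlink and never followed."""
    bad = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # os.walk lists symlinks to directories in dirnames without descending.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) and has_dotdot(os.readlink(path)):
                bad.append(os.path.relpath(path, root))
    return sorted(bad)


def build_sample_tree(root):
    """Constructed sample input: harmless links plus links with '..' components."""
    os.mkdir(os.path.join(root, "sub"))
    open(os.path.join(root, "sub", "file"), "w").close()
    os.symlink("sub/file", os.path.join(root, "ok_relative"))
    # '..data' is a file name that starts with dots, not a '..' component.
    os.symlink("..data", os.path.join(root, "ok_dots_in_name"))
    os.symlink("../outside", os.path.join(root, "up_one"))
    os.symlink("sub/../../outside", os.path.join(root, "up_in_middle"))
    os.symlink("..", os.path.join(root, "sub", "parent"))


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_dotdot_symlinks(root)


if __name__ == "__main__":
    for link in demo():
        print("rejected:", link)
```

The check is purely lexical: it compares whole components, so a name such as `..data` passes, and it does not resolve where a link actually ends up.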

