http://d.puremagic.com/issues/show_bug.cgi?id=3420
Don <clugd...@yahoo.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[PATCH] Allow string import |Allow string import of |of files using |files using subdirectories |subdirectories | Severity|regression |enhancement --- Comment #19 from Don <clugd...@yahoo.com.au> 2010-09-20 04:45:03 PDT --- This link: https://www.securecoding.cert.org/confluence/display/seccode/FIO02-C.+Canonicalize+path+names+originating+from+untrusted+sources states that: "Producing canonical file names for Windows operating systems is extremely complex and beyond the scope of this standard. The best advice is to try to avoid making decisions based on a path, directory, or file name [Howard 2002]. Alternatively, use operating-system-based mechanisms, such as access control lists (ACLs) or other authorization techniques." Thus, this issue might not be fixable on Windows. I'm downgrading this all the way from 'regression' to 'enhancement', since it was a security bug that it ever worked at all. Perhaps the bug should just be closed. -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------