On Tue, Sep 03, 2002 at 06:02:35AM -0400, Daniel Veillard wrote: > On Tue, Sep 03, 2002 at 11:56:16AM +0200, Janning Vygen wrote: > > Am Montag, 2. September 2002 16:42 schrieb Jirka Kosek: > > > Janning Vygen wrote: > > > > 3. Directories cant be created by the XSLT Processor. Does > > > > anybody has written a stylesheet converting toc file to a shell > > > > script which creates all needed directories? > > > > > > This depends on OS and processor used. E.g. Saxon on Windows is > > > able to create directory if it doesn't exists yet. > > > > Yes, you are right. I forgot to say that i am using linux and > > xsltproc. Saxon uses java api to extend the possibilities and it > > works on linux as well as on windows. [...] > > Wouldn't it be better to have an XSL Stylesheet which generates a > > file with the needed directories? > > Honnestly, no ! That could turn into a nasty security problem. > When an XSLT engine is embedded in say a web server, it's already a > bit hazardeous to allow creating files (extending libxslt to have > some policy control over potential security hazards is an interesting > TODO item), I wouldn't allow to create directories ATM, there is too > many security implications (think about a sytlesheet with an hidden > template creating .ssh/authorized_keys for example). > Too dangerous without a proper framework,
I started implementing the framework. The patch I commited at http://cvs.gnome.org/bonsai/cvsquery.cgi?module=libxslt&branch=HEAD&branchtype=match&dir=libxslt&file=&filetype=match&who=veillard&whotype=match&sortby=Date&hours=&date=explicit&mindate=10%2F10%2F02+11%3A25&maxdate=10%2F10%2F02+11%3A27&cvsroot=%2Fcvs%2Fgnome provide the necessary hooks for access checking and defining a policy of access. As a result xsltproc should create new directories when needed. There is also a couple of new options: --nowrite : refuse to write to any file or resource --nomkdir : refuse to create directories To be able to protect the environment when the stylesheets are not considered trusted enough. This will be in the next libxslt release. Daniel -- Daniel Veillard | Red Hat Network https://rhn.redhat.com/ [EMAIL PROTECTED] | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/