Hi,
a small patch to allow '.' in the config filenames while being still
secure because Geoff told me it was the reason of the:
! strchr(input[config], '.')
test in htsearch.cc
my patch allows people to use config filenames like:
htdig-server.domain.com.conf
while rejecting config filenames which contains '.' in order to access
to a different directory.
bye,
Jerome ALET - [EMAIL PROTECTED] - http://cortex.unice.fr/~jerome
Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30
28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE
--- htsearch.cc.old Fri Feb 12 12:45:29 1999
+++ htsearch.cc Fri Feb 12 12:49:26 1999
@@ -127,7 +127,7 @@ main(int ac, char **av)
//
config.Defaults(&defaults[0]);
if (!override_config && input.exists("config")
- && !strchr(input["config"], '.'))
+ && (strstr(input["config"], "./") == NULL)) // To allow . in filename while
+still being 'secure', e.g. htdig-f.q.d.n.conf
{
char *configDir = getenv("CONFIG_DIR");
if (configDir)
