On Wed, May 22, 2013 at 02:51:54PM +1000, Allan McRae wrote:
> On 22/05/13 14:41, Simon Gomizelj wrote:
>> On Fri, May 10, 2013 at 10:41:41PM +1000, Allan McRae wrote:
>>> On 09/05/13 16:48, Allan McRae wrote:
>>>> On 09/05/13 16:40, Simon Gomizelj wrote:
>>>>> size_t cache_len = strlen(db->handle->dbpath) +
>>>>>     strlen(db->handle->root);
>>>>>
>>>>> Do we actually need to recalculate this each time? Maybe it's worth
>>>>> caching somewhere. I'm sure there's more validation that could be
>>>>> done within pacman.
>>>>>
>>>>> I'll leave the min length for now.
>>>>
>>>> Why? What does three characters give you that one does not? I'm
>>>> assuming an "a.Z" extension. But why do we need an extension?
>>>>
>>>
>>> Discussed on IRC. I'd prefer to explicitly check for "." and ".."
>>> rather than have the restriction of three.
>>>
>>> Allan
>>>
>>
>> Just checking it starts with '.' should be sufficient. It will rule out
>> '..' and the filename is already explicitly restricted from containing
>> '/'.
>>
>
> pkgname='.' works (somewhat). I guess pkgname=".foobar" is more plausible.
>
> Allan
>

falconindy and I had a discussion on IRC about what constitutes a valid filename and I think we settled on the idea that a hidden file should be invalid. We could just move the dot check altogether. So long as the filename doesn't contain a '/', it's not a filepath.
