On 22/05/13 16:19, Simon Gomizelj wrote:
> On Wed, May 22, 2013 at 02:51:54PM +1000, Allan McRae wrote:
>> On 22/05/13 14:41, Simon Gomizelj wrote:
>>> On Fri, May 10, 2013 at 10:41:41PM +1000, Allan McRae wrote:
>>>> On 09/05/13 16:48, Allan McRae wrote:
>>>>> On 09/05/13 16:40, Simon Gomizelj wrote:
>>>>>> size_t cache_len = strlen(db->handle->dbpath) +
>>>>>> strlen(db->handle->root);
>>>>>>
>>>>>> Do we actually need to recalculate this each time? Maybe it's worth
>>>>>> caching somewhere. I'm sure there's more validation that could be
>>>>>> done within pacman.
>>>>>>
>>>>>> I'll leave the min length for now.
>>>>>
>>>>> Why? What does three characters give you that one does not? I'm
>>>>> assuming an "a.Z" extension. But why do we need an extension?
>>>>>
>>>>
>>>> Discussed on IRC. I'd prefer to explicitly check for "." and ".."
>>>> rather than have the restriction of three.
>>>>
>>>> Allan
>>>>
>>>
>>> Just checking it starts with '.' should be sufficient. It will rule out
>>> '..' and the filename is already explicitly restricted from containing
>>> '/'.
>>>
>>
>> pkgname='.' works (somewhat). I guess pkgname=".foobar" is more plausible.
>>
>> Allan
>>
>
> falconindy and I had a discussion on irc about what constitutes a valid
> filename and I think we settled on the idea that a hidden file should be
> invalid.
>
> We could just move the dot check altogether. So long as the filename
> doesn't contain a '/', it's not a filepath.
>

We need a decision here so this patch can get pushed and we can finalise
a maintenance release.

I vote detecting "." and ".." and any filename containing "/". I.e.
detect all paths and only paths.

Allan
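
The three rules debated in this thread, side by side, as an added example that is not pacman code and not part of any message above. The function names are hypothetical, the sample names are constructed, and rejecting the empty string in the last rule is an assumption the thread does not state.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; none of these functions are pacman's. */

/* Precondition stated in the thread: a filename never contains '/'. */
static bool has_slash(const char *s) { return strchr(s, '/') != NULL; }

/* Rule A: minimum length of three characters. */
bool valid_min_len3(const char *s)
{
	return s && strlen(s) >= 3 && !has_slash(s);
}

/* Rule B: reject any name starting with '.' (hidden files, ".", ".."). */
bool valid_no_leading_dot(const char *s)
{
	return s && s[0] != '\0' && s[0] != '.' && !has_slash(s);
}

/* Rule C: reject only ".", ".." and anything containing '/'.
 * Rejecting the empty string is an assumption added here. */
bool valid_paths_only(const char *s)
{
	if(!s || s[0] == '\0') {
		return false;
	}
	return strcmp(s, ".") != 0 && strcmp(s, "..") != 0 && !has_slash(s);
}

int main(void)
{
	/* Constructed sample names, not taken from any real package. */
	const char *names[] = { "a", "ab", "a.Z", ".", "..", ".foobar",
		"...", "../x", "dir/file", "foo-1.0.pkg" };
	size_t i;

	printf("%-12s %-5s %-5s %-5s\n", "name", "len3", "nodot", "paths");
	for(i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		printf("%-12s %-5d %-5d %-5d\n", names[i],
				valid_min_len3(names[i]),
				valid_no_leading_dot(names[i]),
				valid_paths_only(names[i]));
	}
	return 0;
}
```

The table shows where the rules differ: the length rule rejects short names such as "a" and "ab", the leading-dot rule rejects ".foobar", and the paths-only rule accepts both while still refusing ".", ".." and anything with a '/'.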
