On 28/05/13 11:20, Allan McRae wrote:
> On 22/05/13 16:19, Simon Gomizelj wrote:
>> On Wed, May 22, 2013 at 02:51:54PM +1000, Allan McRae wrote:
>>> On 22/05/13 14:41, Simon Gomizelj wrote:
>>>> On Fri, May 10, 2013 at 10:41:41PM +1000, Allan McRae wrote:
>>>>> On 09/05/13 16:48, Allan McRae wrote:
>>>>>> On 09/05/13 16:40, Simon Gomizelj wrote:
>>>>>>> size_t cache_len = strlen(db->handle->dbpath) +
>>>>>>> strlen(db->handle->root);
>>>>>>>
>>>>>>> Do we actually need to recalculate this each time? Maybe it's worth
>>>>>>> caching somewhere. I'm sure there's more validation that could be
>>>>>>> done within pacman.
>>>>>>>
>>>>>>> I'll leave the min length for now.
>>>>>>
>>>>>> Why? What does three characters give you that one does not? I'm
>>>>>> assuming an "a.Z" extension. But why do we need an extension?
>>>>>>
>>>>>
>>>>> Discussed on IRC. I'd prefer to explicitly check for "." and ".."
>>>>> rather than have the restriction of three.
>>>>>
>>>>> Allan
>>>>>
>>>>
>>>> Just checking it starts with '.' should be sufficient. It will rule out
>>>> '..' and the filename is already explicitly restricted from containing
>>>> '/'.
>>>>
>>>
>>> pkgname='.' works (somewhat). I guess pkgname=".foobar" is more plausible.
>>>
>>> Allan
>>>
>>
>> falconindy and I had a discussion on irc about what constitutes a valid
>> filename and I think we settled on the idea that a hidden file should be
>> invalid.
>>
>> We could just move the dot check all together. So long as the filename
>> doesn't contain a '/', it's not a filepath.
>>
>
>
> We need a decision here so this patch can get pushed and we can finalise
> a maintenance release.
>
> I vote detecting "." and ".." and any filename containing "/". I.e.
> detect all paths and only paths.
>
Bah - hidden files for packages can only be a bad thing... Sent a patch for makepkg to prevent packages starting with a ".". Ack -> maint for this patch.
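
The two candidate checks debated in this thread, side by side, as an added example that is not part of the thread and is not pacman's code. The function names, the sample names and the rejection of an empty name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* "Detect all paths and only paths": reject ".", ".." and any name
 * containing '/'. Rejecting the empty string is an assumption added
 * here; the thread does not discuss it. */
int is_plain_filename(const char *name)
{
	if(name == NULL || name[0] == '\0') {
		return 0;
	}
	if(strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
		return 0;
	}
	return strchr(name, '/') == NULL;
}

/* Stricter alternative: hidden files are invalid too. A leading '.'
 * test covers "." and ".." without naming them explicitly. */
int is_visible_filename(const char *name)
{
	if(name == NULL || name[0] == '\0' || name[0] == '.') {
		return 0;
	}
	return strchr(name, '/') == NULL;
}

int main(void)
{
	/* constructed sample names, not taken from pacman */
	const char *samples[] = { "core.db", "a", ".", "..", ".foobar",
		"../outside", "sub/core.db", "" };
	size_t i;

	for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		printf("%-12s plain=%d visible=%d\n",
				samples[i][0] ? samples[i] : "(empty)",
				is_plain_filename(samples[i]),
				is_visible_filename(samples[i]));
	}
	return 0;
}
```

The two policies differ only on names such as ".foobar", which the first accepts and the second rejects; a one-character name like "a" passes both, which a minimum length of three would not allow.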
