Re: NSString, stringByAppendingPathComponent, and Canonicalization
On Mon, 4 Apr 2011 22:19:07 -0500, Stephen J. Butler said: I need to accept a filename from the user. Given the user supplied filename, I form a fully qualified name: NSString* pathName = [NSHomeDirectory(), stringByAppendingPathComponent:@Documents]; NSString* fullPathName = [pathName stringByAppendingPathComponent:filename]; First, you should be getting the path to the documents folder via NSSearchPathForDirectoriesInDomains(): Even better is not not use NSStrings/paths at all and use NSURLs instead. In that case you'd use URLF orDirectory:inDomain:appropriateForURL:create:error: instead of NSSearchPathForDirectoriesInDomains(). -- Sean McBride, B. Eng s...@rogue-research.com Rogue Researchwww.rogue-research.com Mac Software Developer Montréal, Québec, Canada ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: NSString, stringByAppendingPathComponent, and Canonicalization
On Apr 4, 2011, at 8:08 PM, Jeffrey Walton wrote: Hi All, I need to accept a filename from the user. Given the nature of the file system on iOS, do you really need to accept a file name from the user, or just a document title? Unless your supporting users syncing documents via some method that relies on filename, it is probably best to use arbitrary file names and use whatever the user gives you as a document title instead. -- David Duncan ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: NSString, stringByAppendingPathComponent, and Canonicalization
On Mon, Apr 4, 2011 at 10:08 PM, Jeffrey Walton noloa...@gmail.com wrote: I need to accept a filename from the user. Given the user supplied filename, I form a fully qualified name: NSString* pathName = [NSHomeDirectory(), stringByAppendingPathComponent:@Documents]; NSString* fullPathName = [pathName stringByAppendingPathComponent:filename]; First, you should be getting the path to the documents folder via NSSearchPathForDirectoriesInDomains(): http://developer.apple.com/library/ios/documentation/Cocoa/Conceptual/LowLevelFileMgmt/Articles/StandardDirectories.html#//apple_ref/doc/uid/20001279-SW5 How do I canonicalize the the resulting fullPathName to verify there was no directory traversal goodness in the filename? In case its relevant, the platform is iOS. I can't remember if there's a Cocoa version, but the standard Unix way to do this is realpath (man realpath). Make sure to use -[NSString fileSystemRepresentation] to get the char* version. But I'm not sure directory traversals are a huge concern in iOS. Everything is so sandboxed anyway... ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: NSString, stringByAppendingPathComponent, and Canonicalization
On Apr 4, 2011, at 10:08 PM, Jeffrey Walton wrote: I need to accept a filename from the user. Given the user supplied filename, I form a fully qualified name: NSString* pathName = [NSHomeDirectory(), stringByAppendingPathComponent:@Documents]; NSString* fullPathName = [pathName stringByAppendingPathComponent:filename]; How do I canonicalize the the resulting fullPathName to verify there was no directory traversal goodness in the filename? NSString* fullPathName = [pathName stringByAppendingPathComponent:[filename lastPathComponent]]; Cheers, Ken ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
