cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Patch to use filename from Content-disposition header

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Mon, 11 Jan 2010 21:51:31 +0100

On Monday 11 of January 2010 21:45:01 Bj�rn Stenberg wrote:
> We only use the filname portion of any path, so any possible attack is just
> as possible without using / at all.

Great! I'll check it with gdb to ensure myself. From my understanding
of the code it looked other way around...

> The patch also contains a paragraph for the man page. I've been looking at
> adding some test cases too, but it requires a bit of refactoring of the
> test framework since it currently is not designed to handle -O.

That's awkward ... but at least I am going to use the option at times
and will report here if anything goes wrong ;-)

> Thank you for reviewing and testing!

np, where can I get current version of the patch actually?

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-01-11

This message: [ Message body ]
Next message: Bj�rn Stenberg: "Re: Patch to use filename from Content-disposition header"
Previous message: Bj�rn Stenberg: "Re: Patch to use filename from Content-disposition header"
In reply to: Bj�rn Stenberg: "Re: Patch to use filename from Content-disposition header"
Next in thread: Bj�rn Stenberg: "Re: Patch to use filename from Content-disposition header"
Reply: Bj�rn Stenberg: "Re: Patch to use filename from Content-disposition header"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]