[Tilesathome] Change proposal in uploaded files
Martijn van Oosterhout
kleptog at gmail.com
Mon Jul 2 14:31:41 BST 2007
On 7/2/07, Matthias Julius <lists at julius-net.net> wrote:
> > The problem with .tar.gz is that you can't control where the files end
> > up. While unpacking a tar.gz file you can't tell tar to ignore any
> > paths, so it will go create any directories... ZIP has a -j option to
> > prevent this.
>
> If the .tar file is created from $workdir/*.png or
> $workdir/*.dir/*.png it won't contain any path information.
That's not the point. Sure, you can create tar files without paths.
But if I create a tar file with the file /home/www/index.html then
untarring could quite possibly overwrite the main webpage. It's a
security issue, anybody with upload priviledges could upload any file
to anywhere on the dev server, and we don't want that.
The solution is to write a custom tar expander, but why bother if zip
alreayd works.
Have a nice day,
--
Martijn van Oosterhout <kleptog at gmail.com> http://svana.org/kleptog/
More information about the Tilesathome
mailing list