[prev in list] [next in list] [prev in thread] [next in thread]
List: freedesktop-dbus
Subject: Re: Escaping for paths
From: Ross Burton <ross () burtonini ! com>
Date: 2006-06-15 20:02:00
Message-ID: 1150401720.1887.6.camel () localhost ! localdomain
[Download RAW message or body]
On Thu, 2006-06-15 at 21:21 +0200, Thiago Macieira wrote:
> The reason why I think it's dangerous is that two different URIs or
> pathnames could escape to the same object path. For example, imagine I
> had addressbooks:
> /home/thiago/address_book-vcf
> /home/thiago/address_book.vcf
> (that's a Greek alpha and a Greek beta)
>
> Both would escape to /home/thiago/address_book_vcf or
> _home_thiago_addres_book_vcf.
That's not escaping in my mind, as you can't reverse the operation.
> The only solution would be to select one of the characters we have to be
> an escape character, like % in URIs. The above example would
> be /home/thiago/address_5fbook_2dvcf
> and /home/thiago/address_5fbook_2evcf, or
> _2fhome_2fthiago_2faddress_5fbook_2dvcf and
> _2fhome_2fthiago_2faddress_5fbook_2evcf. If people push arbitrary data
> into this function, it would have the potential to increase the length
> threefold.
The NetworkManager (and thus EDS) code passes through A-Z a-z 0-9 and
everything else is escape as %xx (hex). This is trivially reversable
and doesn't mangle the data too much.
Ross
--
Ross Burton mail: ross@burtonini.com
jabber: ross@burtonini.com
www: http://www.burtonini.com./
PGP Fingerprint: 1A21 F5B0 D8D0 CFE3 81D4 E25A 2D09 E447 D0B4 33DF
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic