+userv (0.65.0) unstable; urgency=high
+
+ * Avoid accessing backup, auto-save files, etc, with include-lookup.
+ Everything except a-z 0-9 - _ must now be prefixed by a colon.
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk> Sat, 9 Oct 1999 17:09:24 +0100
+
userv (0.64.1) unstable; urgency=low
* New "shutdown" builtin service for terminating uservd.
} else {
if (*p=='.') *q++= ':';
while ((c= *p++)) {
- if (c=='/') { *q++= ':'; c='-'; }
- else if (c==':') { *q++= ':'; }
+ if (c=='/') {
+ *q++= ':';
+ c= '-';
+ } else if (!((c >= '0' && c <= '9') ||
+ (c >= 'a' && c <= 'z') ||
+ c == '-' || c == '_')) {
+ *q++= ':';
+ }
*q++= c;
}
*q++= 0;
<p>
A translation will be applied to values before they are used to
-construct a filename, so that the lookup cannot access dotfiles or
-files in other directories: values starting with full stops will have
-a colon prepended (making <tt/:./), colons will be doubled, and each
-slash will be replaced with a colon followed by a hyphen <tt>:-</>. A
-parameter value which is the empty string will be replaced with
+construct a filename, so that the lookup cannot access dotfiles,
+backup files, files in other directories and the like: each slash will
+be replaced with a colon followed by a hyphen <tt>:-</>, and all
+characters which are not lowercase alphanumerics, hyphens or
+underscores will have a colon prepended (so that colons are doubled).
+A parameter value which is the empty string will be replaced with
<tt/:empty/ (note that this is different from a parameter not having
any values).
~ian / userv.git / commitdiff