Skip to content

Bad handling of server-provided URLs containing ".." links to parent dir #7

Description

@afcady

This tool will write into ../ when the server gives an URL with /../ in it. This is a security flaw.

On the other hand, if ../whatever/ doesn't exist, it crashes the application with IOError: [Errno 2] No such file or directory:. It doesn't create missing directories as needed. This is a separate bug, filed as #8.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions