Date: Wed, 15 Jun 2005 16:31:58 +0300 From: Vasil Dimov <vd@datamax.bg> To: "Loren M\. Lang" <lorenl@alzatex.com> Cc: freebsd-ports@freebsd.org Subject: Re: Download URL for blobwars. Message-ID: <20050615133158.GB50642@sinanica.bg.datamax> In-Reply-To: <20050615062637.GA28464@alzatex.com> References: <20050615052417.GA27969@alzatex.com> <20050615062637.GA28464@alzatex.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Jun 14, 2005 at 11:26:37PM -0700, Loren M. Lang wrote:
> On Tue, Jun 14, 2005 at 10:24:17PM -0700, Loren M. Lang wrote:
...
> > PORTNAME and DISTVERSION as appropriate. This caused fetch to grab the
> > file successfully, but it saved it as
> >
> > download.php?type=zip&file=blobwars-1.04-1.tar.gz
> >
> > instead of blobwars-1.04-1.tar.gz so extract then fails. Though when I
...
> I think what's happening here is that libfetch doesn't understand the
> Content-disposition header that the site is sending out and so is saving
> the file with the wrong name. The fix would be to add support for the
> content-disposition header to libfetch or use a suitable replacement
> that understands the header. The only other alternative I can see it to
This would be quite insecure, imagine that server requests the file to
be saved as ../../../../../../etc/passwd or ~/.profile or something else
unexpected.
You should use -o ${KNOWNFILENAME} as Roman Neuhauser suggests.
-----BEGIN PGP SIGNATURE-----
iD8DBQFCsC3OFw6SP/bBpCARAq4wAJ9ZuhQ+tHaP1t3wD0s3sb8j+0MWJQCg2rlP
ipmWRE6+fu593YmYUQbfOW0=
=Lbqg
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050615133158.GB50642>