Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 30 Dec 2005 10:08:12 +0100
From:      des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=)
To:        Martin Cracauer <cracauer@cons.org>
Cc:        Barney Wolff <barney@databus.com>, freebsd-current@freebsd.org, Sean Bryant <sean@cyberwang.net>
Subject:   Re: fetch extension - use local filename from content-disposition header
Message-ID:  <86mzijdkar.fsf@xps.des.no>
In-Reply-To: <20051229220403.A16743@cons.org> (Martin Cracauer's message of "Thu, 29 Dec 2005 22:04:03 -0500")
References:  <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> <20051229220403.A16743@cons.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Martin Cracauer <cracauer@cons.org> writes:
> The security implications are about the same as for the base
> functionality.  Any filename in the current directory can be wiped
> out if you fetch or wget and a URL redirects to another URL which
> leads to a filename that matches.

No.  Fetch uses the original filename as specified on the command
line.  Redirects are handled behind the scenes by libfetch.

> The default behavior already *is* that the sending server has control
> over your local naming.

No.

DES
--=20
Dag-Erling Sm=F8rgrav - des@des.no




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86mzijdkar.fsf>