Date: Mon, 29 Mar 1999 00:22:25 +0200 From: Wolfram Schneider <wosch@panke.de.freebsd.org> To: Chuck Robey <chuckr@mat.net>, Rich Morin <rdm@cfcl.com> Cc: ports@FreeBSD.ORG Subject: Re: Ports Collection nits Message-ID: <19990329002225.49572@panke.de.freebsd.org> In-Reply-To: <Pine.BSF.4.10.9903202018420.1893-100000@picnic.mat.net>; from Chuck Robey on Sat, Mar 20, 1999 at 08:26:34PM -0500 References: <v04020a09b319f5bbb562@ip030.cfcl.com> <Pine.BSF.4.10.9903202018420.1893-100000@picnic.mat.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1999-03-20 20:26:34 -0500, Chuck Robey wrote:
> > The snapshot I discuss below was downloaded from ftp.cdrom.com on
> > 19990318. If you want a copy of the (rather primitive :-) script I
> > am using to check things out, let me know...
> >
> > * Quite a few of the path names from the second and fourth fields of
> > the INDEX file (e.g., .../print/c2ps-a4/../c2ps-letter/pkg/DESCR)
> > contain the string "../". This seems unnecessarily convoluted. Is
> > there a functional reason for this or is it just an artifact (e.g.,
> > of a moved directory or a spin-off package)?
>
> This is because those paths are often assembled piece by piece from
> parts, and one of those parts has ".." in it in a context where it does
> make sense. The ".." doesn't cause any harm, so no one is terribly
> interested in fixing it (seeing as making a fix may well break something
> that uses one of the constituent path parts).
Uh, '../' are evil for cgi scripts arguments ;-{
It makes the security checks complicated.
I hope I fixed the '..' in http://www.freebsd.org/cgi/ports.cgi
and the other ports cgi scripts (pds.cgi, url.cgi).
--
Wolfram Schneider <wosch@freebsd.org> http://wolfram.schneider.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990329002225.49572>