Removing illegal character list for filenames.

clearlinux / swupd-server

Software update server (deprecated)

Other

13 stars 17 forks source link

Removing illegal character list for filenames. #18

Closed jrguzman-intel closed 7 years ago

jrguzman-intel commented 8 years ago

After replacing system() for system_argv() calls, no more filter for special characteres needed for filenames.

-> This patch must be merged after pull request #16 <-

Signed-off-by: Jose R Guzman jose.r.guzman.mosqueda@intel.com

phmccarty commented 8 years ago

+1, pending the changes from #16 being merged.

phmccarty commented 8 years ago

This change also requires a format bump, because the system() calls need removing in swupd-client first, as addressed in clearlinux/swupd-client#74

phmccarty commented 7 years ago

The blocking client changes are now tracked at clearlinux/swupd-client#144.

phmccarty commented 7 years ago

I'm reconsidering this patch. It's true that by removing the use of system() in swupd-client, the special characters interpreted by the shell no longer need to be filtered out from manifests. But I think we should still ban characters if they compromise manifest structure.

Namely, I think we should ban '\n', since the files in a manifest are newline-separated.

tmarcu commented 7 years ago

https://github.com/clearlinux/swupd-server/pull/16 must be discussed first.

tmarcu commented 7 years ago

Not merging due to https://github.com/clearlinux/swupd-client/pull/144.

phmccarty commented 7 years ago

@tmarcu I think we need to open a new issue, because the illegal character list requires revision. At minimum, we need to add '\n' to the list, because its presence would corrupt manifest structure.