Closed nilclass closed 10 years ago
keybits
commented
11 years ago I am interested in a solution to this. @jcoglan are you considering a workaround? Perhaps as in interim solution it might be possible to allow a restricted set of file extensions (e.g. .md, .html, .txt)? (Although I realise this would not fully support the spec.)
michielbdejong
commented
11 years ago fwiw, https://github.com/michielbdejong/owncloud-owa uses libxattr to store the mimetypes, which is how it's able to use a direct mapping between document URLs and the server's native file system. most other remoteStorage servers use database backends in order to be able to support all necessary kinds of path names
michielbdejong
commented
11 years ago actually, allowing dots and having a direct mapping between document URLs and server file system are two separate issues, even though they both relate to how you map between a URL and a filesystem path. so if you don't want to use extended file attributes, then it would still be possible to invent some sort of mapping that can handle dots, of course.
nilclass
commented
11 years ago @michielbdejong I know this is only partially related to this issue, but what's your opinion on disallowing directories and files with the same name?
michielbdejong
commented
11 years ago @nilclass created https://github.com/remotestorage/spec/issues/6 about that on the spec repo
jcoglan
commented
11 years ago I can't accept this as is because some other things need to be dealt with so that this doesn't introduce security flaws:
/../ segments in the path, to avoid traversal attacksfoo.d would clobber a folder called foo/.jcoglan
commented
10 years ago I'm closing this since the server now allows dots in filenames and has done for some time.
the minimal example, which tries to store /notes/note.txt failed with restore, which returned 400 Bad Request.
there may also be other cases where this breaks.
This change may open a security hole with "../" in the path, didn't check :)