https://bugzilla.novell.com/show_bug.cgi?id=179623 s.handgraaf@xs4all.nl changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|s.handgraaf@xs4all.nl | ------- Comment #7 from s.handgraaf@xs4all.nl 2006-12-06 09:25 MST ------- The solution seems to me the system should first checks the format of the user input instead of just encoding the starting / sign and adding the / sign again at the start. example 1, current situation: user input: /path/name/to/source system now converts to: /%2Fpath/name/to/source example 2, current situation: user input: path/name/to/source system now converts to: /path/name/to/source example 3, proposed situation, validation befor encoding and adding / sign: user input: /path/name/to/source system does no conversion: /path/name/to/source example 4, proposed situation, no change, but due to validation: user input: path/name/to/source system converts to: /path/name/to/source I did not yet validate how it handles input like "/nice/../../../path/to/source", but imho a validation process should also cover these to convert to a safe, shortest and user friendly readable absolute path. "/path/to/source" instead of something like "/%2fnice%2f%2e%2e%2f%2e%2e%2f%2e%2e$2fpath/to/source" -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.