Mercurial Hosting > luan
changeset 220:61afe2a1ce96
minor - security
git-svn-id: https://luan-java.googlecode.com/svn/trunk@221 21e917c8-12df-6dd8-5cb6-c86387c605b9
author | fschmidt@gmail.com <fschmidt@gmail.com@21e917c8-12df-6dd8-5cb6-c86387c605b9> |
---|---|
date | Wed, 16 Jul 2014 04:59:45 +0000 |
parents | f9e3e64132e1 |
children | ec016471c6eb |
files | core/src/luan/modules/IoLuan.java |
diffstat | 1 files changed, 2 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
diff -r f9e3e64132e1 -r 61afe2a1ce96 core/src/luan/modules/IoLuan.java --- a/core/src/luan/modules/IoLuan.java Wed Jul 16 04:53:01 2014 +0000 +++ b/core/src/luan/modules/IoLuan.java Wed Jul 16 04:59:45 2014 +0000 @@ -526,6 +526,8 @@ } @Override public void check(LuanState luan,String name) throws LuanException { + if( name.contains("..") ) + throw luan.exception("Security violation - '"+name+"' contains '..'"); for( String dir : dirs ) { if( name.startsWith(dir) ) return;