changeset 220:61afe2a1ce96

minor - security git-svn-id: https://luan-java.googlecode.com/svn/trunk@221 21e917c8-12df-6dd8-5cb6-c86387c605b9
author fschmidt@gmail.com <fschmidt@gmail.com@21e917c8-12df-6dd8-5cb6-c86387c605b9>
date Wed, 16 Jul 2014 04:59:45 +0000
parents f9e3e64132e1
children ec016471c6eb
files core/src/luan/modules/IoLuan.java
diffstat 1 files changed, 2 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
diff -r f9e3e64132e1 -r 61afe2a1ce96 core/src/luan/modules/IoLuan.java
--- a/core/src/luan/modules/IoLuan.java	Wed Jul 16 04:53:01 2014 +0000
+++ b/core/src/luan/modules/IoLuan.java	Wed Jul 16 04:59:45 2014 +0000
@@ -526,6 +526,8 @@
 		}
 
 		@Override public void check(LuanState luan,String name) throws LuanException {
+			if( name.contains("..") )
+				throw luan.exception("Security violation - '"+name+"' contains '..'");
 			for( String dir : dirs ) {
 				if( name.startsWith(dir) )
 					return;