Arc Forumnew | comments | leaders | submitlogin
2 points by almkglor 6109 days ago | link | parent

Hmm, it appears that Anarki doesn't disallow ../ - I'll see if this is a problem and if I can fix this later.


1 point by almkglor 6109 days ago | link

Fixed and on the git.

-----

1 point by byronsalty 6109 days ago | link

Within Anarki all the file serving was done out of the special docroot directory (at least it was a month ago). I'm not sure if disallowing "../" is what we want or if it what we really want is to ensure that all file serving comes from that dir.

Thoughts?

-----

3 points by almkglor 6109 days ago | link

Disallowing .. is the easiest solution. Of course, the current solution simply rejects on any ".." including /foo..html and /subdirectory/../foo.html

Hmm probably do something with the Anarki-specific qualified-path instead...

Edit: done and on the git. Assuming you have a directory foo/ on your public_html, you can access favicon.ico by /foo/../favicon.ico

Edit: soft links would probably break though. Edit2: they don't, at least on mzscheme 360 and ubuntu

-----