Diffstat (limited to 'todo')
-rw-r--r-- | todo | 21 |
1 files changed, 21 insertions, 0 deletions
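--- a/todo
+++ b/todo
@@ -144,3 +144,24 @@ dr-x------ 2 65534 65534 40 Nov 24 17:53 .mozilla
 19. Try --overlay on a Ubuntu 14.04 32bit.Without adding --dns, there will be no network connectivity - see issue 151
 
 20. blacklist ~/.cache in disable-common.inc???
+
+21. restrict chars in filenames
+
+try to open url-encoded filenames
+
+const char badChars[] = "-\n\r ,;'\\<\"";
+(https://www.securecoding.cert.org/confluence/display/c/MSC09-C.+Character+encoding%3A+Use+subset+of+ASCII+for+safety)
+
+strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "_", "=", "+", "[", "{", "]",
+"}", "\\", "|", ";", ":", "\"", "'", "‘", "’", "“", "”", "–", "—",
+"—", "–", ",", "<", ".", ">", "/", "?");
+(https://github.com/vito/chyrp/blob/35c646dda657300b345a233ab10eaca7ccd4ec10/includes/helpers.php#L516)
+
+$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
+(wordpress)
+
+rework the calls to invalid_filename(), depending if globing is allowed or not, include * in the list for non-globing files
+
+The POSIX standard defines what a “portable filename” is. This turns out to be just A-Z, a-z, 0-9, <period>, <underscore>, and <hyphen>
+http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_276
+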