Escaping for paths

Ross Burton ross at
Thu Jun 15 13:02:00 PDT 2006

On Thu, 2006-06-15 at 21:21 +0200, Thiago Macieira wrote:
> The reason why I think it's dangerous is that two different URIs or 
> pathnames could escape to the same object path. For example, imagine I 
> had addressbooks:
>   /home/thiago/address_book-vcf
>   /home/thiago/address_book.vcf
> (that's a Greek alpha and a Greek beta)
> Both would escape to /home/thiago/address_book_vcf or 
> _home_thiago_addres_book_vcf. 

That's not escaping in my mind, as you can't reverse the operation.

> The only solution would be to select one of the characters we have to be 
> an escape character, like % in URIs. The above example would 
> be /home/thiago/address_5fbook_2dvcf 
> and /home/thiago/address_5fbook_2evcf, or 
> _2fhome_2fthiago_2faddress_5fbook_2dvcf and 
> _2fhome_2fthiago_2faddress_5fbook_2evcf. If people push arbitrary data 
> into this function, it would have the potential to increase the length 
> threefold.

The NetworkManager (and thus EDS) code passes through A-Z a-z 0-9 and
everything else is escape as %xx (hex).  This is trivially reversable
and doesn't mangle the data too much.

Ross Burton                                 mail: ross at
                                          jabber: ross at
 PGP Fingerprint: 1A21 F5B0 D8D0 CFE3 81D4 E25A 2D09 E447 D0B4 33DF

More information about the dbus mailing list