Escaping for paths
Ross Burton
ross at burtonini.com
Thu Jun 15 13:02:00 PDT 2006
On Thu, 2006-06-15 at 21:21 +0200, Thiago Macieira wrote:
> The reason why I think it's dangerous is that two different URIs or
> pathnames could escape to the same object path. For example, imagine I
> had addressbooks:
> /home/thiago/address_book-vcf
> /home/thiago/address_book.vcf
> (that's a Greek alpha and a Greek beta)
>
> Both would escape to /home/thiago/address_book_vcf or
> _home_thiago_addres_book_vcf.
That's not escaping in my mind, as you can't reverse the operation.
> The only solution would be to select one of the characters we have to be
> an escape character, like % in URIs. The above example would
> be /home/thiago/address_5fbook_2dvcf
> and /home/thiago/address_5fbook_2evcf, or
> _2fhome_2fthiago_2faddress_5fbook_2dvcf and
> _2fhome_2fthiago_2faddress_5fbook_2evcf. If people push arbitrary data
> into this function, it would have the potential to increase the length
> threefold.
The NetworkManager (and thus EDS) code passes through A-Z a-z 0-9 and
everything else is escape as %xx (hex). This is trivially reversable
and doesn't mangle the data too much.
Ross
--
Ross Burton mail: ross at burtonini.com
jabber: ross at burtonini.com
www: http://www.burtonini.com./
PGP Fingerprint: 1A21 F5B0 D8D0 CFE3 81D4 E25A 2D09 E447 D0B4 33DF
More information about the dbus
mailing list