Why cpg remove "." in directory names?
 


Started by stevekwok, August 09, 2005, 07:24:21 PM


stevekwok

In searchnew.php, cpg removes all "." in directory names. Is it intentional?

My UTF-8 Gentoo Linux does allow me to put "." in filenames and directory names.

regards,
Steve Kwok

Quote:
function CPGscandir($dir, &$expic_array)
{
    $dir = str_replace(".","" ,$dir);
    static $dir_id = 0;
    static $count = 0;
    static $pic_id = 0;



Joachim Müller

You shouldn't have dots in file or folder names (except the one dot that separates the file name from the extension). Coppermine does this to avoid issues.

stevekwok

Just curious!! Why?

Even the Coppermine release is named "cpg1.3.3.zip" <- a lot of dots.

Regards,
Steve

donnoman

Part of it is just to normalize the name and prevent problems. The other part is security: it's a way to avoid people screwing around with things like ./../../../../filename.jpg, which might be out of the document root, or to cause Coppermine to retrieve files such as ../../../../etc/passwd from a poorly configured Linux host.
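
An added example, not part of the thread and not Coppermine code: it puts the dot-stripping from the quoted line beside a canonicalise-then-check-containment alternative, showing that stripping also mangles legitimate names such as "cpg1.3.3". The function names `strip_dots` and `resolve_album_dir` and the sample directory tree are hypothetical.

```php
<?php
// Added example, not Coppermine code. The helper names and the sample
// directory tree are hypothetical and constructed for this demonstration.

// The approach quoted in the thread: delete every dot from the path.
function strip_dots(string $dir): string
{
    return str_replace('.', '', $dir);
}

// Alternative: canonicalise, then require the result to be inside $base.
// Returns the resolved path, or null if it does not exist or escapes $base.
function resolve_album_dir(string $base, string $dir): ?string
{
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $dir);
    if ($baseReal === false || $target === false || !is_dir($target)) {
        return null;
    }
    // Trailing separator stops "/albums-private" matching the base "/albums".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample tree under the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cpg_demo_' . getmypid();
$base = $root . DIRECTORY_SEPARATOR . 'albums';
mkdir($base . DIRECTORY_SEPARATOR . 'cpg1.3.3', 0700, true);
mkdir($root . DIRECTORY_SEPARATOR . 'albums-private', 0700, true);

// Legitimate dotted name, harmless "./" prefix, sibling escape, deep escape.
foreach (['cpg1.3.3', './cpg1.3.3', '../albums-private', '../../../../etc'] as $dir) {
    $resolved = resolve_album_dir($base, $dir);
    printf("%-20s strip_dots=%-18s containment=%s\n",
        $dir, strip_dots($dir), $resolved === null ? 'rejected' : 'accepted');
}

// Clean up the constructed tree.
rmdir($base . DIRECTORY_SEPARATOR . 'cpg1.3.3');
rmdir($base);
rmdir($root . DIRECTORY_SEPARATOR . 'albums-private');
rmdir($root);
```

Because `realpath()` follows symbolic links, a link inside the base directory that points outside it is also rejected by the containment check.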