-rw-r--r--Storage/Local.hs5
1 files changed, 4 insertions, 1 deletions
diff --git a/Storage/Local.hs b/Storage/Local.hs
index 510b8ef..e8f6010 100644
--- a/Storage/Local.hs
+++ b/Storage/Local.hs
@@ -120,8 +120,11 @@ shareDir (Section section) = do
u <- getUserEntryForID =<< getEffectiveUserID
return $ homeDirectory u </> dotdir </> section
+-- | The takeFileName ensures that, if the StorableObjectIdent somehow
+-- contains a path (eg starts with "../" or "/"), it is not allowed
+-- to point off outside the shareDir.
shareFile :: StorableObjectIdent -> FilePath
-shareFile i = U8.toString (toByteString i) <> ext
+shareFile i = takeFileName (U8.toString (toByteString i)) <> ext
fromShareFile :: FilePath -> Maybe StorableObjectIdent
fromShareFile f
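Review bot: In `shareFile`, `takeFileName` silently rewrites a path-bearing ident instead of rejecting it, so two distinct idents that differ only in their directory part now resolve to the same share file, and an ident ending in a separator leaves an empty base name with only `ext` appended. If a StorableObjectIdent can originate from an untrusted peer, reject it where the ident is parsed or constructed (for example when `takeFileName s /= s || null s`) and keep this call as defence in depth. The new Haddock comment should state that limit, e.g. `-- Idents containing a path separator are truncated to their last component and may collide; validate idents before calling.` Whether `fromShareFile` round-trips the truncated names cannot be checked here, because its body continues outside the hunk.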