Ola Lundqvist <o...@inguza.com> writes:

> My conclusion however is about the same as you. I do not think many are
> using the transformations so I think we can safely remove that.
> Another option is to make a check for .. in the filename, because I think
> we can safely assume an attacker does not have write permission in the
> plugins directory, or can that be a problem too?

I would think this should work too. If we are sure we are 100% preventing
an attacker "escaping" the plugins directory that is.

-- 
Brian May <b...@debian.org>
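
The containment question raised in this exchange, as an added example that is not part of the thread or of the package under discussion: a check that rejects ".." path components and also confirms the resolved path stays under the plugins directory. The function name, file names and directory layout are constructed for illustration.

```python
import os
import tempfile


def resolve_plugin(plugins_dir, name):
    """Return the real path of `name` under `plugins_dir`, or None if it escapes.

    Hypothetical helper; not taken from the software discussed in the thread.
    """
    base = os.path.realpath(plugins_dir)
    # os.path.join() discards `base` when `name` is absolute, so refuse it early.
    if not name or "\x00" in name or os.path.isabs(name):
        return None
    # The check proposed in the thread: no ".." path component.
    # Compared per component, so a name like "a..b.plugin" is still accepted.
    if ".." in name.replace("\\", "/").split("/"):
        return None
    # Resolve symlinks, then confirm the result is still inside the base.
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def demo():
    """Build a constructed directory tree and report which names are accepted."""
    with tempfile.TemporaryDirectory() as root:
        plugins = os.path.join(root, "plugins")
        outside = os.path.join(root, "outside.txt")
        os.mkdir(plugins)
        open(os.path.join(plugins, "ok.plugin"), "w").close()
        open(outside, "w").close()
        # A link inside the plugins directory that points outside it.
        os.symlink(outside, os.path.join(plugins, "link.plugin"))
        cases = {
            "ok.plugin": "ok.plugin",
            "a..b.plugin": "a..b.plugin",
            "../outside.txt": "../outside.txt",
            "sub/../../outside.txt": "sub/../../outside.txt",
            "<absolute>": outside,
            "link.plugin": "link.plugin",
        }
        return {label: resolve_plugin(plugins, n) is not None
                for label, n in cases.items()}


if __name__ == "__main__":
    for label, accepted in demo().items():
        print(f"{label:24} {'accepted' if accepted else 'rejected'}")
```
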