On Wed, Apr 28, 1999 at 01:42:48PM +0000, Shao Zhang wrote:
> But it is still not exactly what I want. All the answers used the
> idea to compare the string, but what about
> the following case:
>
> dir1 = "/www/info/world";
> dir2 = "/www/info/world/usa/../../../."
>
> Now, clearly dir1 is a sub directory of dir2. So how do I test. Since
> the security is a big concern of us, we cannot
> afford the case like above.
Is it valid (IE do you have permissions to) cd into the directories in
quesion and then `pwd` to get a cannonical name? (However, this won't work
if directories are hardlinked. Fortunately, IIRC, that isn't possible.)
--
"My friend Data: You see the world with the wonder of a child, and that
makes you more human then any of us."
-=- Lt. Tasha Yar, upon the occasion of her death.
cat /dev/urandom|james --insane=yes > http://www.rtweb.net/theorb/
ICQ: 1293899 AIM: theorbtwo YPager: theorbtwo
