Vinzent, i dont know why you need to check the filename - would fileexists() be enough ? - but i suspect that you already know about that function, so, if you need something more complex, i *feel* that it is something related to security.
Supose you wrote a webserver (or whatever thing similar for that matter) and you need to be sure that users can only access files located at c:\htmlpages. This is a security risk, because, if the function isnt almost perfect, someone could end up reading the passwords file (security.sam on windows ? whatever im not a windows programmer) or rewriting criticial files on a system. I believe that you already know that, but thats why i asked if others are considering the security risk involved in filenames. For evidence sake look at this old IIS bug : http://www.hackingspirits.com/eth-hac/papers/iis_uni.html Morale : Filenames can be nasty and filename checking functions tend to be complex... You will need one function for each freepascal target (If you aim at portability). I believe this can be solved by writing a parser (using a BNF notation of the target filesystem structuring) and a interpreter to expand all the macros possible, without letting the OS even come close to the filename before its sanitized. That, if i understood your question correctly. Sorry if i misunderstood. On a side note : I believe FreePascal should add such filename sanityzing function on future versions (a multiplatform one) to avoid this. 2012/9/15 Vinzent Höfler <jellyfish.softw...@gmx.net>: > On Sat, 15 Sep 2012 11:20:53 +0200, Sven Barth <pascaldra...@googlemail.com> > wrote: > >> On 14.09.2012 17:44, Graeme Geldenhuys wrote: >>> >>> On 14/09/12 13:48, Krzysztof wrote: >>>> >>>> I just quicky googled not allowed characters and wrote this simple >>>> function: >>> >>> >>> Also in Windows (as far as I know), file names my not be longer than 255 >>> characters. So you will have to check the length of AFilename parameter >>> too. >> >> >> It depends. If you use normal "C:\bla\bla" notation you are right, but if >> you access the NT namespace (which you can do from within the WinAPI) you >> can use paths with up to 32767 characters. You need to use this notation >> though: "\\?\C:\bla\bla" (in this case you MUST use "\" though as "/" is not >> converted here). > > > Careful. There's a difference between file/component length and path length. > > >> For more information see here: >> http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx#maxpath > > > |This type of path is composed of components separated by backslashes, > |each up to the value returned in the lpMaximumComponentLength parameter > |of the GetVolumeInformation function (this value is commonly 255 > characters). > > So, although the path may be up to 32767 characters in length, each > component > of the path can no longer than 255 characters. This includes the file name. > > > Vinzent. > > -- > The most likely way for the world to be destroyed, most experts agree, > is by accident. That's where we come in; we're computer professionals. > We cause accidents. > -- Nathaniel Borenstein > > _______________________________________________ > fpc-pascal maillist - fpc-pascal@lists.freepascal.org > http://lists.freepascal.org/mailman/listinfo/fpc-pascal _______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-pascal
