Am 15.11.24 um 16:17 schrieb Dominik Csapak: > moves the filepath code a bit more closer to where it's actually used > checks the contained path before trying to find it's absolute path > properly add error handling to realpath > > instead of checking the combined ovf_path + filepath, just make sure > filepath can't point to anythign besides a file in this directory > by checking for '.' and '..' (slashes are not allowed in SAFE_CHAR_CLASS_RE) > > Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
Reviewed-by: Fiona Ebner <f.eb...@proxmox.com> _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
