# HG changeset patch # User Stefan Monnier # Date 1143619209 0 # Node ID 73f175471c7300f44081492db4814e5df482e43e # Parent b5064b1aca242f093142389105a69e6bfab0fc09 (url-handler-directory-file-name): New handler. (url-file-local-copy): Plug race condition security hole. diff -r b5064b1aca24 -r 73f175471c73 lisp/url/ChangeLog --- a/lisp/url/ChangeLog Tue Mar 28 23:05:01 2006 +0000 +++ b/lisp/url/ChangeLog Wed Mar 29 08:00:09 2006 +0000 @@ -1,3 +1,8 @@ +2006-03-29 Stefan Monnier + + * url-handlers.el (url-handler-directory-file-name): New handler. + (url-file-local-copy): Plug race condition security hole. + 2006-03-27 Romain Francoise * url-irc.el (url-irc-rcirc, url-irc-erc): New functions. diff -r b5064b1aca24 -r 73f175471c73 lisp/url/url-handlers.el --- a/lisp/url/url-handlers.el Tue Mar 28 23:05:01 2006 +0000 +++ b/lisp/url/url-handlers.el Wed Mar 29 08:00:09 2006 +0000 @@ -151,6 +151,8 @@ (put 'substitute-in-file-name 'url-file-handlers 'url-file-handler-identity) (put 'file-name-absolute-p 'url-file-handlers (lambda (&rest ignored) t)) (put 'expand-file-name 'url-file-handlers 'url-handler-expand-file-name) +(put 'directory-file-name 'url-file-handlers 'url-handler-directory-file-name) +;; (put 'file-name-as-directory 'url-file-handlers 'url-handler-file-name-as-directory) ;; These are operations that we do not support yet (DAV!!!) (put 'file-writable-p 'url-file-handlers 'ignore) 
@@ -160,10 +162,27 @@ (put 'vc-registered 'url-file-handlers 'ignore) (defun url-handler-expand-file-name (file &optional base) + ;; When we see "/foo/bar" in a file whose working dir is "http://bla/bla", + ;; there are two interpretations possible: either it's a local "/foo/bar" + ;; or it's "http:/bla/foo/bar". When working with URLs, the second + ;; interpretation is the right one, but when working with Emacs file + ;; names, the first is preferred. (if (file-name-absolute-p file) (expand-file-name file "/") (url-expand-file-name file base))) +;; directory-file-name and file-name-as-directory are kind of hard to +;; implement really right for URLs since URLs can have repeated / chars. +;; We'd want the following behavior: +;; idempotence: (d-f-n (d-f-n X) == (d-f-n X) +;; idempotence: (f-n-a-d (f-n-a-d X) == (f-n-a-d X) +;; reversible: (d-f-n (f-n-a-d (d-f-n X))) == (d-f-n X) +;; reversible: (f-n-a-d (d-f-n (f-n-a-d X))) == (f-n-a-d X) +(defun url-handler-directory-file-name (dir) + ;; When there's more than a single /, just don't touch the slashes at all. + (if (string-match "//\\'" dir) dir + (url-run-real-handler 'directory-file-name (list dir)))) + ;; The actual implementation ;;;###autoload (defun url-copy-file (url newname &optional ok-if-already-exists keep-time) @@ -193,7 +212,7 @@ "Copy URL into a temporary file on this machine. Returns the name of the local copy, or nil, if FILE is directly accessible." - (let ((filename (make-temp-name "url"))) + (let ((filename (make-temp-file "url"))) (url-copy-file url filename) filename))
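
Review bot: In the url-handlers.el hunk at @@ -151,6 +151,8 @@, the commented-out line `;; (put 'file-name-as-directory 'url-file-handlers 'url-handler-file-name-as-directory)` names a handler that this patch never defines. Either drop the line or add a short comment saying why it is disabled, so that nobody uncomments it later and registers an undefined function as a file handler.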
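
Review bot: In url-handler-directory-file-name (hunk @@ -160,10 +162,27 @@), the regexp "//\\'" only matches a doubled slash at the very end of DIR, while the comment above it says "more than a single /". Please reword the comment to say that only trailing slashes are considered, and give the function a docstring, since it is installed as a file-name handler. Two smaller points in the same hunk: both "idempotence" lines in the comment block are missing a closing paren, as in `(d-f-n (d-f-n X) == (d-f-n X)`, and "http:/bla/foo/bar" in the url-handler-expand-file-name comment looks like a typo for "http://bla/foo/bar".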
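
Review bot: In url-file-local-copy (hunk @@ -193,7 +212,7 @@), make-temp-file now creates the file before `(url-copy-file url filename)` runs, and that call passes nothing for the optional OK-IF-ALREADY-EXISTS argument shown in url-copy-file's signature. If url-copy-file refuses an existing NEWNAME when that argument is nil, every call will now signal an error, so pass a non-nil third argument and confirm that the copy writes into the file make-temp-file created rather than replacing it by name. It is also worth deleting the temporary file if url-copy-file fails, since it now exists on disk before the download starts. Separately, the docstring still promises nil "if FILE is directly accessible", but the body always returns filename and the argument is named URL.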