Mercurial > emacs
changeset 69716:73f175471c73
(url-handler-directory-file-name): New handler.
(url-file-local-copy): Plug race condition security hole.
| author | Stefan Monnier <monnier@iro.umontreal.ca> |
|---|---|
| date | Wed, 29 Mar 2006 08:00:09 +0000 |
| parents | b5064b1aca24 |
| children | 8f7fe45e9fe8 |
| files | lisp/url/ChangeLog lisp/url/url-handlers.el |
| diffstat | 2 files changed, 25 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/lisp/url/ChangeLog Tue Mar 28 23:05:01 2006 +0000 +++ b/lisp/url/ChangeLog Wed Mar 29 08:00:09 2006 +0000 @@ -1,3 +1,8 @@ +2006-03-29 Stefan Monnier <monnier@iro.umontreal.ca> + + * url-handlers.el (url-handler-directory-file-name): New handler. + (url-file-local-copy): Plug race condition security hole. + 2006-03-27 Romain Francoise <romain@orebokech.com> * url-irc.el (url-irc-rcirc, url-irc-erc): New functions.
--- a/lisp/url/url-handlers.el Tue Mar 28 23:05:01 2006 +0000 +++ b/lisp/url/url-handlers.el Wed Mar 29 08:00:09 2006 +0000 @@ -151,6 +151,8 @@ (put 'substitute-in-file-name 'url-file-handlers 'url-file-handler-identity) (put 'file-name-absolute-p 'url-file-handlers (lambda (&rest ignored) t)) (put 'expand-file-name 'url-file-handlers 'url-handler-expand-file-name) +(put 'directory-file-name 'url-file-handlers 'url-handler-directory-file-name) +;; (put 'file-name-as-directory 'url-file-handlers 'url-handler-file-name-as-directory) ;; These are operations that we do not support yet (DAV!!!) (put 'file-writable-p 'url-file-handlers 'ignore) @@ -160,10 +162,27 @@ (put 'vc-registered 'url-file-handlers 'ignore) (defun url-handler-expand-file-name (file &optional base) + ;; When we see "/foo/bar" in a file whose working dir is "http://bla/bla", + ;; there are two interpretations possible: either it's a local "/foo/bar" + ;; or it's "http:/bla/foo/bar". When working with URLs, the second + ;; interpretation is the right one, but when working with Emacs file + ;; names, the first is preferred. (if (file-name-absolute-p file) (expand-file-name file "/") (url-expand-file-name file base))) +;; directory-file-name and file-name-as-directory are kind of hard to +;; implement really right for URLs since URLs can have repeated / chars. +;; We'd want the following behavior: +;; idempotence: (d-f-n (d-f-n X) == (d-f-n X) +;; idempotence: (f-n-a-d (f-n-a-d X) == (f-n-a-d X) +;; reversible: (d-f-n (f-n-a-d (d-f-n X))) == (d-f-n X) +;; reversible: (f-n-a-d (d-f-n (f-n-a-d X))) == (f-n-a-d X) +(defun url-handler-directory-file-name (dir) + ;; When there's more than a single /, just don't touch the slashes at all. + (if (string-match "//\\'" dir) dir + (url-run-real-handler 'directory-file-name (list dir)))) + ;; The actual implementation ;;;###autoload (defun url-copy-file (url newname &optional ok-if-already-exists keep-time) @@ -193,7 +212,7 @@ "Copy URL into a temporary file on this machine. Returns the name of the local copy, or nil, if FILE is directly accessible." - (let ((filename (make-temp-name "url"))) + (let ((filename (make-temp-file "url"))) (url-copy-file url filename) filename))