Arc Forumnew | comments | leaders | submitlogin
1 point by byronsalty 6079 days ago | link | parent

Within Anarki all the file serving was done out of the special docroot directory (at least it was a month ago). I'm not sure if disallowing "../" is what we want or if it what we really want is to ensure that all file serving comes from that dir.

Thoughts?



3 points by almkglor 6079 days ago | link

Disallowing .. is the easiest solution. Of course, the current solution simply rejects on any ".." including /foo..html and /subdirectory/../foo.html

Hmm probably do something with the Anarki-specific qualified-path instead...

Edit: done and on the git. Assuming you have a directory foo/ on your public_html, you can access favicon.ico by /foo/../favicon.ico

Edit: soft links would probably break though. Edit2: they don't, at least on mzscheme 360 and ubuntu

-----