Skip to content

Commit

Permalink
Fix issue 150: fix path traversal path on renaming
Browse files Browse the repository at this point in the history
  • Loading branch information
giampaolo committed Jan 14, 2011
1 parent a225e59 commit 07cdcdb
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions HISTORY
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,8 @@ Bugfixes:
* Issue #146: SIZE and MDTM commands are now rejected unless the "l" permission
has been specified for the user.

* Issue #150: path traversal bug: it is possible to move/rename a file outside
of the user home directory.

Major API changes since 0.5.2

Expand Down
2 changes: 1 addition & 1 deletion pyftpdlib/ftpserver.py
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@
'RETR' : dict(perm='r', auth=True, arg=True, help='Syntax: RETR <SP> file-name (retrieve a file).'),
'RMD' : dict(perm='d', auth=True, arg=True, help='Syntax: RMD <SP> dir-name (remove directory).'),
'RNFR' : dict(perm='f', auth=True, arg=True, help='Syntax: RNFR <SP> file-name (file renaming (source name)).'),
'RNTO' : dict(perm=None, auth=True, arg=True, help='Syntax: RNTO <SP> file-name (file renaming (destination name)).'),
'RNTO' : dict(perm='f', auth=True, arg=True, help='Syntax: RNTO <SP> file-name (file renaming (destination name)).'),
'SITE' : dict(perm=None, auth=False, arg=True, help='Syntax: SITE <SP> site-command (execute the specified SITE command).'),
'SITE HELP' : dict(perm=None, auth=False, arg=None, help='Syntax: SITE HELP [<SP> site-command] (show SITE command help).'),
'SIZE' : dict(perm='l', auth=True, arg=True, help='Syntax: HELP <SP> file-name (get file size).'),
Expand Down

0 comments on commit 07cdcdb

Please sign in to comment.