Permalink
Browse files

Don't allow saving to filenames starting with '.' suggested by server

  • Loading branch information...
1 parent 0d33cd8 commit f97f339f552666ef79cdd2cf2a44032cf206bb6e @gisle committed Jan 11, 2010
Showing with 3 additions and 1 deletion.
  1. +3 −1 bin/lwp-download
View
@@ -138,7 +138,9 @@ my $res = $ua->request(HTTP::Request->new(GET => $url),
# validate that we don't have a harmful filename now. The server
# might try to trick us into doing something bad.
if (!length($file) ||
- $file =~ s/([^a-zA-Z0-9_\.\-\+\~])/sprintf "\\x%02x", ord($1)/ge)
+ $file =~ s/([^a-zA-Z0-9_\.\-\+\~])/sprintf "\\x%02x", ord($1)/ge ||
+ $file =~ /^\./
+ )
{
die "Will not save <$url> as \"$file\".\nPlease override file name on the command line.\n";
}

0 comments on commit f97f339

Please sign in to comment.