reenable ".." in get_binary_file_location

this was also how ".." behaved in the old code.
wesnoth · Oct 26, 2014 · c2f6072 · c2f6072
1 parent 5db8126
commit c2f6072
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/filesystem_boost.cpp b/src/filesystem_boost.cpp
@@ -830,6 +830,16 @@ const std::vector<std::string>& get_binary_paths(const std::string& type)
 
 std::string get_binary_file_location(const std::string& type, const std::string& filename)
 {
+	// We define ".." as "remove everything before" this is needed becasue 
+	// on the one hand allowing ".." would be a security risk but 
+	// especialy for terrains the c++ engine puts a hardcoded "terrain/" before filename
+	// and there would be no way to "escape" from "terrain/" otherwise. This is not the 
+	// best solution but we cannot remove it without another solution (subtypes maybe?).
+
+	// using 'for' instead 'if' to allow putting delcaration and check into the brackets
+	for(std::string::size_type pos = filename.rfind("../"); pos != std::string::npos;)
+		return get_binary_file_location(type, filename.substr(pos + 3));
+
 	if (!is_legal_file(filename))
 		return std::string();