manekineko
23rd April 2010, 00:30
I'm writing an application that can download files, and takes a queue on where to stick the result from the name of the original file, and a user name. This is similar to what many instant messaging clients do with their downloads.
Is there any easier way than listing out potential operating systems with #ifdef clauses to create a directory from an unsanitized string, i.e. the user name?
I'm running into problems because if the strings contain file system special characters (things like : or \ on Windows) the call to mkpath fails. Furthermore, I'm concerned about security, where malicious things like \..\..\..\Windows\command.exe could be slipped in, where nasty files could be downloaded into inappropriate locations.
Is there any easier way than listing out potential operating systems with #ifdef clauses to create a directory from an unsanitized string, i.e. the user name?
I'm running into problems because if the strings contain file system special characters (things like : or \ on Windows) the call to mkpath fails. Furthermore, I'm concerned about security, where malicious things like \..\..\..\Windows\command.exe could be slipped in, where nasty files could be downloaded into inappropriate locations.