Date: Fri, 12 Feb 1999 12:04:56 +0000
From: Jerome ALET <alet@unice.fr>
To: htdig3-dev@htdig.org
Subject: [htdig3-dev] [PATCH] to htsearch.cc 1.24

Hi,

a small patch to allow '.' in the config filenames while being still
secure because Geoff told me it was the reason of the:

! strchr(input[config], '.')

test in htsearch.cc

my patch allows people to use config filenames like:

htdig-server.domain.com.conf

while rejecting config filenames which contains '.' in order to access
to a different directory.

bye,

--- htsearch.cc.old	Fri Feb 12 12:45:29 1999
+++ htsearch.cc	Fri Feb 12 12:49:26 1999
@@ -127,7 +127,7 @@ main(int ac, char **av)
     //
     config.Defaults(&defaults[0]);
     if (!override_config && input.exists("config") 
-	&& !strchr(input["config"], '.'))
+	&& (strstr(input["config"], "./") == NULL)) // To allow . in filename while still being 'secure', e.g. htdig-f.q.d.n.conf
     {
 	char	*configDir = getenv("CONFIG_DIR");
 	if (configDir)