GNOME Bugzilla – Bug 337486
xsltDocumentElem don't unescape filename before operations with file
Last modified: 2006-10-11 09:16:40 UTC
Please describe the problem: I know that @href in exsl:document is an URI. But security check and xsltSaveResultToFilename works with files on filesystem so filename should be escaped: filename = (xmlChar *) xmlURIUnescapeString((const char *)filename,0,NULL); Otherwise libxslt restrict created filenames to ASCII subset :( Steps to reproduce: Actual results: Expected results: Does this happen every time? Other information:
Typo, sorry. Read as: so filename should be UNescaped: filename = (xmlChar *) xmlURIUnescapeString((const char *)filename,0,NULL);
Created attachment 67142 [details] [review] Code cleanup patch for 1.1.17 The real cause is described in the bug #344588, but I've got a patch that streamlines write security checks by elimination of recursive parsing, and potentially buggy repeated unescaping, for directory URIs, and simplifies the code.
Okay bug #344588 should be fixed now, and the patch in #2 looks fine to me, so applied and commited too, thanks ! Daniel