Arc Forumnew | comments | leaders | submitlogin
2 points by lojic 6111 days ago | link | parent

Is it specifically disallowing this? Otherwise, I would think it would be transparent for the most part.


2 points by kens2 6111 days ago | link

Yes, it rejects any path with a slash. I assume this is partially for security reasons (/../../../../../etc/passwd)

-----

4 points by lojic 6111 days ago | link

I can see rejecting .. to disallow access above the tree, but rejecting / doesn't make any sense to me. So we have to just plop everything down in one directory? If so, that's ridiculous. I think I need to be less critical of the forkers.

-----

4 points by almkglor 6110 days ago | link

Hehehehe. It's not that we're deliberately forking off - it's more that:

1. pg has been talking about this language for years

2. he has built up a big fan club

3. he released arc in a "not-quite-done" state and unleashed a firestorm of third-party fixes

4. he hasn't updated arc again for more than a month or so.

So yes, although we're not deliberately forking off, I fear this is just what will happen unless pg updates us all again within the next few months, or puts major parts of Anarki in Arc3.

-----

4 points by lojic 6110 days ago | link

Yeah, I guess it's a case of "I'm the leader, which way did they go?" :)

-----

2 points by stefano 6110 days ago | link

I completely agree.

-----

2 points by kens2 6111 days ago | link

The code that rejects slashes is in srv.arc: gifname and static-filetype. So static files with slashes are rejected.

-----

2 points by almkglor 6111 days ago | link

Hmm, it appears that Anarki doesn't disallow ../ - I'll see if this is a problem and if I can fix this later.

-----

1 point by almkglor 6110 days ago | link

Fixed and on the git.

-----

1 point by byronsalty 6110 days ago | link

Within Anarki all the file serving was done out of the special docroot directory (at least it was a month ago). I'm not sure if disallowing "../" is what we want or if it what we really want is to ensure that all file serving comes from that dir.

Thoughts?

-----

3 points by almkglor 6110 days ago | link

Disallowing .. is the easiest solution. Of course, the current solution simply rejects on any ".." including /foo..html and /subdirectory/../foo.html

Hmm probably do something with the Anarki-specific qualified-path instead...

Edit: done and on the git. Assuming you have a directory foo/ on your public_html, you can access favicon.ico by /foo/../favicon.ico

Edit: soft links would probably break though. Edit2: they don't, at least on mzscheme 360 and ubuntu

-----