[OWASP-ESAPI] Suggestions from the field...
jim.manico at owasp.org
Mon Dec 21 20:47:45 EST 2009
The getValidFileName method does not validate that the file exists
within a specified safe parent directory. This protection is provided
in the getValidDirectoryPath method. This seems like a critical
vulnerability to protect against for filePaths....
How about adding a new getValidFilePath method that provides this
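An added illustration of the parent-directory containment check the message asks for; this is not ESAPI code and not part of the original post. `getValidFilePath` here is a hypothetical standalone helper built on `java.nio.file`, and the directory layout in `main` is constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeFilePathCheck {

    /**
     * Hypothetical helper (not an ESAPI method): returns the canonical path of
     * 'input' only if it is an existing regular file inside 'safeParent'.
     */
    static Path getValidFilePath(Path safeParent, String input) throws IOException {
        if (input == null || input.isEmpty() || input.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty path or embedded NUL");
        }
        // toRealPath() requires the path to exist and resolves ".." and symlinks.
        Path parent = safeParent.toRealPath();
        Path candidate = parent.resolve(input).toRealPath();
        // Path.startsWith compares whole name elements, so /srv/app2 does not
        // count as being inside /srv/app (a plain String.startsWith would).
        if (!candidate.startsWith(parent) || !Files.isRegularFile(candidate)) {
            throw new SecurityException("not a regular file inside the safe parent directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/uploads/report.txt and <tmp>/secret.txt
        Path root = Files.createTempDirectory("demo");
        Path uploads = Files.createDirectory(root.resolve("uploads"));
        Files.writeString(uploads.resolve("report.txt"), "ok");
        Files.writeString(root.resolve("secret.txt"), "x");

        // One in-bounds name, one traversal attempt, one nonexistent file.
        for (String in : new String[] {"report.txt", "../secret.txt", "missing.txt"}) {
            try {
                System.out.println("accepted: " + getValidFilePath(uploads, in));
            } catch (SecurityException | IOException | IllegalArgumentException e) {
                System.out.println("rejected: " + in + " (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```

Callers should open the returned canonical path rather than the original input string, so the file that was checked is the file that is used. `Files.writeString` requires Java 11 or later.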