<div dir="ltr">While not exciting, definitely important. I didn't see anything to comment on in the RFC.<div><br></div><div>Thanks for working on this!</div><div><br></div><div>-Kurt</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Mon, Jan 13, 2025 at 7:57 AM Even Rouault via gdal-dev &lt;<a href="mailto:gdal-dev@lists.osgeo.org">gdal-dev@lists.osgeo.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi,</p>
<p>nothing exciting, just robustness/enhanced security.<br>
</p>
<p>RFC 105 text: Add and use safe path manipulation functions:
<a href="https://github.com/OSGeo/gdal/pull/11640" target="_blank">https://github.com/OSGeo/gdal/pull/11640</a></p>
<p>Summary:<br>
</p>
<p>This RFC adds safe
versions, for use by C++ code, of all functions of cpl_path.cpp
(such as CPLGetPath(), CPLGetDirname(), CPLGetBasename(),
CPLGetExtension(), CPLGetFormFilename(), CPLGetFormCIFilename(),
etc.), that return a result stored in more or less ephemeral
storage, to avoid potential security issues related to their
misuse. It also covers converting most of the code base to the
safer alternatives.<br>
</p>
<p>Even<br>
</p>
<pre cols="72">--
<a href="http://www.spatialys.com" target="_blank">http://www.spatialys.com</a>
My software is free, but my time generally not.
Butcher of all kinds of standards, open or closed formats. At the end, this is just about bytes.</pre>
</div>
</blockquote></div>
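<p>The hazard the RFC summary describes, as an added example that is not part of the thread and not GDAL code: a path helper that returns a pointer into ephemeral storage, next to a variant that returns an owned <code>std::string</code>. The function names, the rotating thread-local buffer, its size and the sample paths are all assumptions made for illustration.</p>

```cpp
// Added illustration: a toy model, not GDAL source. All names are hypothetical.
#include <cstddef>
#include <cstdio>
#include <string>

constexpr int kSlots = 4;               // assumed ring size for the model
constexpr std::size_t kSlotSize = 256;  // assumed buffer size for the model

// Directory part of a path, returned as a string the caller owns.
std::string DirnameSafe(const std::string &path)
{
    const std::size_t pos = path.find_last_of('/');
    if (pos == std::string::npos) return ".";
    if (pos == 0) return "/";
    return path.substr(0, pos);
}

// Legacy-style variant: the result lives in a rotating thread-local buffer,
// so it is silently overwritten kSlots calls later on the same thread.
const char *DirnameEphemeral(const char *path)
{
    static thread_local char ring[kSlots][kSlotSize];
    static thread_local int next = 0;
    char *slot = ring[next];
    next = (next + 1) % kSlots;
    std::snprintf(slot, kSlotSize, "%s", DirnameSafe(path).c_str());
    return slot;
}

// Holds an ephemeral result across further calls; true if its content changed.
bool EphemeralResultClobbered()
{
    const char *held = DirnameEphemeral("/data/trusted/input.tif");
    const std::string snapshot(held);  // what the caller believes it holds
    for (int i = 0; i < kSlots; ++i) DirnameEphemeral("/tmp/other/file.tif");
    return snapshot != held;           // held now reads "/tmp/other"
}

// Same call sequence with owned strings: the first result is unaffected.
bool SafeResultClobbered()
{
    const std::string held = DirnameSafe("/data/trusted/input.tif");
    for (int i = 0; i < kSlots; ++i) (void)DirnameSafe("/tmp/other/file.tif");
    return held != "/data/trusted";
}

int main()
{
    std::printf("ephemeral clobbered: %d, safe clobbered: %d\n",
                EphemeralResultClobbered(), SafeResultClobbered());
}
```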