[5187] Path checks removed in config-write in libprocess

diff --git a/src/lib/process/d_controller.cc b/src/lib/process/d_controller.cc
index 3e05aab24d200c821be685802f87c36426faa7c1..b3254046388468b8fa0c6937dbaaa06a6f1d622c 100644 (file)
--- a/src/lib/process/d_controller.cc
+++ b/src/lib/process/d_controller.cc
@@ -446,26 +446,6 @@ DControllerBase::configWriteHandler(const std::string&,
         }
     }
 
-    // Now do the sanity checks on the filename
-    if (filename.find("..") != std::string::npos) {
-        // Trying to escape the directory.. nope.
-        return (createAnswer(COMMAND_ERROR,
-                             "Using '..' in filename is not allowed."));
-    }
-
-    if (filename.find("\\") != std::string::npos) {
-        // Trying to inject escapes (possibly to inject quotes and something
-        // nasty afterward)
-        return (createAnswer(COMMAND_ERROR,
-                             "Using \\ in filename is not allowed."));
-    }
-
-    if (filename[0] == '/') {
-        // Absolute paths are not allowed.
-        return (createAnswer(COMMAND_ERROR,
-                             "Absolute path in filename is not allowed."));
-    }
-
     // Ok, it's time to write the file.
     size_t size = 0;
     try {