forbid package file paths . and ..

[zpackage] / db.sql

diff --git a/db.sql b/db.sql
index 42eeb067cc0a824de9204613bf74a520ba9ca0af..b1343d00a3b6a7f829452af0868f1de2c04798e1 100644 (file)
--- a/db.sql
+++ b/db.sql
@@ -157,6 +157,7 @@ create table packagefiles (
        check (not (filetype = 'h' and target is null)),
        check (target is null or length(target) between 1 and 4095),
        check (hash is null or length(hash) between 1 and 1024),
+       check (path not in ('.', '..')),
        check (not (filetype = 'r' and hash is null)),
        check (not (filetype = 'c' and device is null)),
        check (not (filetype = 'b' and device is null)),