fix associatedfile sanity check

It seems best to require that the file just be relative, and not some ../ trick.

git-annex-shell sendkey and recvkey both update transfer information now

1 files changed, 5 insertions, 5 deletions

diff --git a/Fields.hs b/Fields.hs
index 08189cbdf..38427ad05 100644
--- a/Fields.hs
+++ b/Fields.hs
@@ -15,18 +15,18 @@ import Data.Char
 {- A field, stored in Annex state, with a value sanity checker. -}
 data Field = Field
 	{ fieldName :: String
-	, fieldCheck :: String -> IO Bool
+	, fieldCheck :: String -> Bool
 	}
 
 remoteUUID :: Field
 remoteUUID = Field "remoteuuid" $
 	-- does it look like a UUID?
-	return . all (\c -> isAlphaNum c || c == '-')
+	all (\c -> isAlphaNum c || c == '-')
 
 associatedFile :: Field
-associatedFile = Field "associatedfile" $ \value ->
-	-- is the file located within the current directory?
-	dirContains <$> getCurrentDirectory <*> pure value
+associatedFile = Field "associatedfile" $ \f ->
+	-- is the file a safe relative filename?
+	not (isAbsolute f) && not ("../" `isPrefixOf` f)
 
 getField :: Field -> Annex (Maybe String)
 getField = Annex.getField . fieldName