~ chicken-core (chicken-5) 78efcaa0773fc0ab88ceb83b845b3261ae07d9e2

commit 78efcaa0773fc0ab88ceb83b845b3261ae07d9e2
Author:     felix <felix@call-with-current-continuation.org>
AuthorDate: Fri Mar 2 12:02:35 2012 +0100
Commit:     Christian Kellermann <ckeen@pestilenz.org>
CommitDate: Mon Apr 16 14:40:34 2012 +0200

    check egg-name in setup-download
    
    Signed-off-by: Christian Kellermann <ckeen@pestilenz.org>

diff --git a/setup-download.scm b/setup-download.scm
index 9619d80a..ec94ac3b 100644
--- a/setup-download.scm
+++ b/setup-download.scm
@@ -417,10 +417,21 @@
 		 (read-line in)
 		 (get-chunks (cons chunk data)) ) ) ) ) ))
 
+  (define slashes (char-set #\\ #\/))
+
+  (define (valid-extension-name? name)
+    (and (not (member name '("" ".." ".")))
+	 (not (string-index name slashes))))
+
+  (define (check-egg-name name)
+    (unless (valid-extension-name? name)
+      (error "invalid extension name" name)))
+
   (define (retrieve-extension name transport location
                               #!key version quiet destination username password tests
 			      proxy-host proxy-port proxy-user-pass
 			      trunk (mode 'default) clean)
+    (check-egg-name name)
     (fluid-let ((*quiet* quiet)
 		(*trunk* trunk)
 		(*mode* mode))
@@ -448,6 +459,7 @@
 	 (error "cannot list extensions - unsupported transport" transport) ) ) ) )
 
   (define (list-extension-versions name transport location #!key quiet username password)
+    (check-egg-name name)
     (fluid-let ((*quiet* quiet))
       (case transport
 	((local)