Web vulnerabilities caused by path separators "and "/"

This is not a serious problem whether it is the path separator "" in windows or "/" in linux, but there will be a huge "bug" at the web level ", if this problem is not considered in web development, a very serious bug may occur.

In VC code, \ is an escape character, which represents one, just as \ n represents a carriage return. So the path name in C is D: estest.txt.
Should be:
 
CString filename = _ T ("D: \ test \ test.txt ");
 
Or
 
CString filename = _ T ("D:/test/test.txt ");
 
"./" Does not add and both are the same, that is, the current directory
"../" Indicates the parent directory of the current directory, that is, the parent directory of the current directory. A forward slash, also known as a left slash, indicates "/". It is also called a right slash and indicates "".
 
 
In Unix/Linux, the path separation adopts the forward slash "/", for example, "/home/test". In Windows, the path separation adopts the Backslash "", for example, "C: WindowsSystem ".
Sometimes we can see the path Writing Method "C: \ Windows \ System", that is, using two backslashes to separate paths. This method is often seen in network applications or programming, in fact, the above path can be replaced by "C:/Windows/System" without errors. However, if you write "C: WindowsSystem", there may be various strange errors. In fact, this is caused by escape characters.
 
 
If the web uses "/" for processing, you can use "" for processing bypass. Otherwise, vice versa. At present, many codes do not fully consider this situation in "some" scenarios, so there are still many vulnerabilities.
The fck editor vulnerability found today is caused by path processing issues. It can be uploaded to any writable location to solve the problem that the directory has no permission, if the latest ck is also handled in the previous way, the vulnerability still exists. You can also perform mining on your own.