id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking	branch_state	votes
2220	FTP directories containing @ result severe security risks (eg. deletion of homedir)	paulnasca		"If I login to ftp using mc 4.7.0.1 (vfs FTP) and there are directories which contains the ""@"" character inside the directory name, MC treats it like a ""hard link"" which points to the home directory (remote or local - in some cases was remote directory and in other cases local directory). So, if I want to recursively delete that directory I end up recursively deleting the local or remote homedir. This does not happen to older versions of mc.

Steps to reproduce:
1) using a different client log in to your ftp server (with login and password) and create a directory ""test@test.com"" in any subdirectory
2) using midnight commander ftp plugin log in to the same server
3) browse to the ""test@test.com"" and if you enter in that directory, you'll notice that you are in the home directory (or another directory)
4) (don't do this): if you'll recursively delete, you'll end up deleting the whole directory/subdirectories where ""test@test.com"" ""points"" to

I am using Ubuntu 10.4 and mc -V gives this:
GNU Midnight Commander 4.7.0.1
Virtual File System: tarfs, extfs, cpiofs, ftpfs, fish
With builtin Editor
Using system-installed S-Lang library with terminfo database
With subshell support as default
With support for background operations
With mouse support on xterm
With support for X11 events
With internationalization support
With multiple codepages support
Data types: char 8 int 32 long 32 void * 32 off_t 64 ecs_char 8

"	defect	closed	critical	4.8.0-pre1	mc-vfs	4.7.0.1	fixed						
