TiddlyServer create directory security bug

[Arlen Beiler]

Hi Everyone,

I've fixed it in master and I'll publish a fix tomorrow, but I just realized that the create directory function in the directory index page does not check the folder name before creating it, which means that any relative path will create a folder as long as it doesn't exist. So it's not much of a security risk, because it will fail if the folder already exists, but I thought I should mention it. I'm assuming no one has this feature enabled for the public anyway, so it shouldn't be much of an issue. 

Also, a week ago I discovered that I had not sufficiently checked the login cookie suffix and an empty suffix would have slipped through, but as no one has really been using this feature yet I don't think that would have affected anyone. Just use at least 2.1.5 and you'll be fine. I'm glad I'm catching bugs. Just thought I should let everyone know since these slipped through. 

Arlen

[TonyM]

Arlen

Thanks for being responsible for potential risks.

Love your work

Tony