Check if path is child of directory
Jesse Phillips
Jesse.K.Phillips+D at gmail.com
Sun Feb 9 16:44:22 PST 2014
On Sunday, 9 February 2014 at 21:02:59 UTC, Jeroen Bollen wrote:
> I'm building a webserver using the Vibe.d library. Whenever the
> user requests a page inside my /images/ folder; I want them to
> output this file.
>
> Because there will be a lot of images present, and because
> these are likely to change in the future, I would like to just
> get the URL from the request, and automatically output the file.
>
> I am aware though, that users could perform tricks like
> "images/../../../../sensitive_file_here". In order to prevent
> that I would like a solid way of making sure the entered path
> is actually inside the images directory.
>
> How do I do this?
You can remove the directory navigation with
std.path.buildNormalizedPath, not sure the behavior on a relative
path, but you could call std.path.absolutePath first.
More information about the Digitalmars-d-learn
mailing list