Check if path is child of directory
Jeroen Bollen
jbinero at gmail.com
Mon Feb 10 08:30:41 PST 2014
On Monday, 10 February 2014 at 00:44:23 UTC, Jesse Phillips wrote:
> On Sunday, 9 February 2014 at 21:02:59 UTC, Jeroen Bollen wrote:
>> I'm building a webserver using the Vibe.d library. Whenever
>> the user requests a page inside my /images/ folder; I want
>> them to output this file.
>>
>> Because there will be a lot of images present, and because
>> these are likely to change in the future, I would like to just
>> get the URL from the request, and automatically output the
>> file.
>>
>> I am aware though, that users could perform tricks like
>> "images/../../../../sensitive_file_here". In order to prevent
>> that I would like a solid way of making sure the entered path
>> is actually inside the images directory.
>>
>> How do I do this?
>
> You can remove the directory navigation with
> std.path.buildNormalizedPath, not sure the behavior on a
> relative path, but you could call std.path.absolutePath first.
Would that be relative to the working directory? Would "./../"
still work?
More information about the Digitalmars-d-learn
mailing list