authorBjörn Gustavsson <[email protected]>2017-02-24 10:19:05 +0100
committerBjörn Gustavsson <[email protected]>2017-02-24 10:19:05 +0100
commit39b43dd10605f60d580ba9a73136713a776c635d (patch)
tree3e9f06cc4052bfb6da26767411458332abb42b36 /lib/stdlib/doc/src/filename.xml
parent4f83fcd6ea5ff5bfa68f23cd34550b4705d17574 (diff)
parent133645d9a24e6a6d7123370ef332ca478598040e (diff)
Merge branch 'maint'
* maint: filename: Add safe_relative_path/1 Conflicts: lib/stdlib/src/filename.erl
Diffstat (limited to 'lib/stdlib/doc/src/filename.xml')
-rw-r--r--lib/stdlib/doc/src/filename.xml27
1 files changed, 27 insertions, 0 deletions
diff --git a/lib/stdlib/doc/src/filename.xml b/lib/stdlib/doc/src/filename.xml
index 7acef51ca1..0ccca37a9d 100644
--- a/lib/stdlib/doc/src/filename.xml
+++ b/lib/stdlib/doc/src/filename.xml
@@ -513,6 +513,33 @@ true
</func>
<func>
+ <name name="safe_relative_path" arity="1"/>
+ <fsummary>Sanitize a relative path to avoid directory traversal attacks.</fsummary>
+ <desc>
+ <p>Sanitizes the relative path by eliminating ".." and "."
+ components to protect against directory traversal attacks.
+ Either returns the sanitized path name, or the atom
+ <c>unsafe</c> if the path is unsafe.
+ The path is considered unsafe in the following circumstances:</p>
+ <list type="bulleted">
+ <item><p>The path is not relative.</p></item>
+ <item><p>A ".." component would climb up above the root of
+ the relative path.</p></item>
+ </list>
+ <p><em>Examples:</em></p>
+ <pre>
+1> <input>filename:safe_relative_path("dir/sub_dir/..").</input>
+"dir"
+2> <input>filename:safe_relative_path("dir/..").</input>
+[]
+3> <input>filename:safe_relative_path("dir/../..").</input>
+unsafe
+4> <input>filename:safe_relative_path("/abs/path").</input>
+unsafe</pre>
+ </desc>
+ </func>
+
+ <func>
<name name="split" arity="1"/>
<fsummary>Split a filename into its path components.</fsummary>
<desc>