author | Björn Gustavsson <[email protected]> | 2017-02-24 10:19:05 +0100 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2017-02-24 10:19:05 +0100 |
commit | 39b43dd10605f60d580ba9a73136713a776c635d (patch) | |
tree | 3e9f06cc4052bfb6da26767411458332abb42b36 /lib/stdlib/doc/src/filename.xml | |
parent | 4f83fcd6ea5ff5bfa68f23cd34550b4705d17574 (diff) | |
parent | 133645d9a24e6a6d7123370ef332ca478598040e (diff) | |
download | otp-39b43dd10605f60d580ba9a73136713a776c635d.tar.gz otp-39b43dd10605f60d580ba9a73136713a776c635d.tar.bz2 otp-39b43dd10605f60d580ba9a73136713a776c635d.zip |
Merge branch 'maint'
* maint:
filename: Add safe_relative_path/1
Conflicts:
lib/stdlib/src/filename.erl
Diffstat (limited to 'lib/stdlib/doc/src/filename.xml')
-rw-r--r-- | lib/stdlib/doc/src/filename.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/lib/stdlib/doc/src/filename.xml b/lib/stdlib/doc/src/filename.xml index 7acef51ca1..0ccca37a9d 100644 --- a/lib/stdlib/doc/src/filename.xml +++ b/lib/stdlib/doc/src/filename.xml @@ -513,6 +513,33 @@ true </func> <func> + <name name="safe_relative_path" arity="1"/> + <fsummary>Sanitize a relative path to avoid directory traversal attacks.</fsummary> + <desc> + <p>Sanitizes the relative path by eliminating ".." and "." + components to protect against directory traversal attacks. + Either returns the sanitized path name, or the atom + <c>unsafe</c> if the path is unsafe. + The path is considered unsafe in the following circumstances:</p> + <list type="bulleted"> + <item><p>The path is not relative.</p></item> + <item><p>A ".." component would climb up above the root of + the relative path.</p></item> + </list> + <p><em>Examples:</em></p> + <pre> +1> <input>filename:safe_relative_path("dir/sub_dir/..").</input> +"dir" +2> <input>filename:safe_relative_path("dir/..").</input> +[] +3> <input>filename:safe_relative_path("dir/../..").</input> +unsafe +4> <input>filename:safe_relative_path("/abs/path").</input> +unsafe</pre> + </desc> + </func> + + <func> <name name="split" arity="1"/> <fsummary>Split a filename into its path components.</fsummary> <desc> |
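Review bot: The first paragraph of the new `<desc>` says the function works by eliminating ".." and "." components, but it never states whether the file system is consulted. A reader can therefore take a non-`unsafe` result as a guarantee that the file stays below the base directory, even when one of the remaining components is a symbolic link. Suggest adding a sentence after the bulleted list that says whether the check is made on the path string alone and, if so, that symbolic links are not covered by it. Separately, example 2 shows "dir/.." returning [] rather than `unsafe`; the prose should mention that an empty path is a possible result so callers know to handle it.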