diff options
author | Björn Gustavsson <[email protected]> | 2017-02-16 15:55:34 +0100 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2017-02-21 09:45:00 +0100 |
commit | 8c7a68f3808a8d52f5cfc297a249ca4ef2480238 (patch) | |
tree | 716f1fb9157b6e46a1d86f78ec646067742475a3 /lib/stdlib/src/shell.erl | |
parent | 381f97b30092624b238a68909855692929d6f8bf (diff) | |
download | otp-8c7a68f3808a8d52f5cfc297a249ca4ef2480238.tar.gz otp-8c7a68f3808a8d52f5cfc297a249ca4ef2480238.tar.bz2 otp-8c7a68f3808a8d52f5cfc297a249ca4ef2480238.zip |
filename: Add safe_relative_path/1
Add safe_relative_path/1 to guard against directory traversal
attacks. It either returns a shorter path without any ".." or
"." components, or 'unsafe' if an ".." component would climb
up above the root of the relative path. Here are a few
examples:
safe_relative_path("a/b/..") => "a"
safe_relative_path("a/..") => ""
safe_relative_path("a/../..") => unsafe
safe_relative_path("/absolute/path") => unsafe
The returned path can be used directly or combined with an
absolute path using filename:join/2.
Diffstat (limited to 'lib/stdlib/src/shell.erl')
0 files changed, 0 insertions, 0 deletions