On Sunday, 9 February 2014 at 21:02:59 UTC, Jeroen Bollen wrote:
I'm building a webserver using the Vibe.d library. Whenever the
user requests a page inside my /images/ folder; I want them to
output this file.
Because there will be a lot of images present, and because
these are likely to change in the future, I would like to just
get the URL from the request, and automatically output the file.
I am aware though, that users could perform tricks like
"images/../../../../sensitive_file_here". In order to prevent
that I would like a solid way of making sure the entered path
is actually inside the images directory.
How do I do this?
I just figured out vibe.d handles this automatically, but I'd
still like to know of a secure way to do this, for future
reference.
