On Sunday, 9 February 2014 at 21:02:59 UTC, Jeroen Bollen wrote:
I'm building a webserver using the Vibe.d library. Whenever the
user requests a page inside my /images/ folder; I want them to
output this file.
Because there will be a lot of images present, and because
these are likely to change in the future, I would like to just
get the URL from the request, and automatically output the file.
I am aware though, that users could perform tricks like
"images/../../../../sensitive_file_here". In order to prevent
that I would like a solid way of making sure the entered path
is actually inside the images directory.
How do I do this?
You can remove the directory navigation with
std.path.buildNormalizedPath, not sure the behavior on a relative
path, but you could call std.path.absolutePath first.
