Class: File

Inherits:

Object

Object
File

show all

Defined in:: lib/file_extensions.rb

Constant Summary collapse

TraversalException =

Class.new(StandardError)

Class Method Summary collapse

.safe_join(root_path, *segments) ⇒ Object

Returns a String containing the path to the specified file with the guarantee that the resulting file path is a subdirectory of the source path.

Class Method Details

.safe_join(root_path, *segments) ⇒ `Object`

Returns a String containing the path to the specified file with the guarantee that the resulting file path is a subdirectory of the source path. This avoids tricks like specifiying “../../../../../../etc/passwd” in the filename part

Raises:

(TraversalException)

# File 'lib/file_extensions.rb', line 10

def self.safe_join(root_path, *segments)
  clean_path = Pathname(root_path).cleanpath

  new_path = clean_path
  Array(segments).each { |segment| new_path += segment.to_s }

  new_path.ascend { |path| return new_path.to_s if (path == clean_path) }

  raise TraversalException
end

Class: File

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.safe_join(root_path, *segments) ⇒ Object

.safe_join(root_path, *segments) ⇒ `Object`