apidoc::sanitize_path (private)

 apidoc::sanitize_path [ -prefix prefix ] path

Defined in packages/acs-api-browser/tcl/acs-api-documentation-procs.tcl

Return a sanitized path. Normalizes the path to guard against directory traversal attacks and checks whether someone is trying to access content outside of the specified prefix.

Switches:
-prefix (defaults to "packages") (optional)
Parameters:
path
Returns:
sanitized path

Partial Call Graph (max 5 caller/called nodes):
packages/acs-api-browser/www/content-page-view.tcl -> apidoc::sanitize_path
packages/acs-api-browser/www/procs-file-view.tcl -> apidoc::sanitize_path
apidoc::sanitize_path -> ad_conn (public)

Testcases:
No testcase defined.
Source code:
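        # Collapse "." and ".." components before the prefix check
        set path [ns_normalizepath $path]
        if {![string match "/$prefix/*" $path]} {
            # Outside the prefix: log the attempt with user id and peer address
            set filename "$::acs::rootdir/$path"
            ns_log notice [subst {INTRUDER ALERT:\n\nsomesone tried to snarf '$filename'!
                file exists: [file exists $filename] user_id: [ad_conn user_id] peer: [ad_conn peeraddr]
            }]

            # Force the result back under the prefix
            set path $prefix/$path
        }

        return $path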
XQL Not present:
Generic, PostgreSQL, Oracle
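
The notice written by the ns_log call in the source above is the only trace a rejected path leaves, so it is worth extracting from the server log. The following is an added example, not part of OpenACS: it parses that multi-line message and groups the attempts by peer. The log-line prefix, root directory, user ids and addresses in the sample are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches the message built by the ns_log call above. `subst` turns the \n
# escapes into newlines, so one entry spans several lines; the misspelling
# "somesone" is kept because that is the string the proc writes.
ALERT = re.compile(
    r"INTRUDER ALERT:\s+somesone tried to snarf '(?P<file>[^\n]*)'!\s+"
    r"file exists: (?P<exists>[01]) user_id: (?P<user_id>\S+) peer: (?P<peer>\S+)"
)

def parse_alerts(log_text):
    """Return one dict per alert entry found in the raw log text."""
    alerts = []
    for match in ALERT.finditer(log_text):
        alert = match.groupdict()
        alert["exists"] = alert["exists"] == "1"
        alerts.append(alert)
    return alerts

def summarize_by_peer(alerts):
    """Per peer: number of attempts and the requested files that exist on disk."""
    summary = defaultdict(lambda: {"attempts": 0, "existing_targets": []})
    for alert in alerts:
        entry = summary[alert["peer"]]
        entry["attempts"] += 1
        if alert["exists"]:
            entry["existing_targets"].append(alert["file"])
    return dict(summary)

# Constructed sample log (prefix format, paths, ids and addresses are made up).
SAMPLE_LOG = """\
[01/Jan/2024:10:00:00][1.a][-conn:0-] Notice: INTRUDER ALERT:

somesone tried to snarf '/var/www/openacs//etc/hosts'!
                file exists: 0 user_id: 0 peer: 192.0.2.10
[01/Jan/2024:10:00:05][1.a][-conn:1-] Notice: INTRUDER ALERT:

somesone tried to snarf '/var/www/openacs//www/index.tcl'!
                file exists: 1 user_id: 0 peer: 192.0.2.10
[01/Jan/2024:10:02:00][1.a][-conn:2-] Notice: INTRUDER ALERT:

somesone tried to snarf '/var/www/openacs//tcl/init.tcl'!
                file exists: 0 user_id: 448 peer: 198.51.100.7
"""

if __name__ == "__main__":
    for peer, info in summarize_by_peer(parse_alerts(SAMPLE_LOG)).items():
        print(peer, info)
```

Entries with `file exists: 1` name a real file under the server root but outside the prefix, which makes them the ones to review first.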