More reasons why prefixing is good

Inspired by http://www.dwheeler.com/essays/filenames-in-shell.html
2015-02-26 18:25:59 +01:00 · 2015-02-26 18:25:59 +01:00 · 4efe3cf556
parent f980827ba6
commit 4efe3cf556
1 changed files with 5 additions and 0 deletions
--- a/doc/development/shell_commands.md
+++ b/doc/development/shell_commands.md
@ -139,6 +139,11 @@ path = File.join(repo_path, user_input)
 File.read(path)
 ```

+If you have to use user input a relative path, prefix `./` to the path.
+
+Prefixing user-supplied paths also offers extra protection against paths
+starting with `-` (see the discussion about using `--` above).
+
 ## Guard against path traversal

 Path traversal is a security where the program (GitLab) tries to restrict user