Merge branch 'shell-paths' into 'master'

More reasons why prefixing is good

Inspired by http://www.dwheeler.com/essays/filenames-in-shell.html

See merge request !1604
commit
70e3409a50
1 changed files with 5 additions and 0 deletions
|
@ -139,6 +139,11 @@ path = File.join(repo_path, user_input)
|
|||
File.read(path)
|
||||
```
|
||||
|
||||
If you have to use user input a relative path, prefix `./` to the path.
|
||||
|
||||
Prefixing user-supplied paths also offers extra protection against paths
|
||||
starting with `-` (see the discussion about using `--` above).
|
||||
|
||||
## Guard against path traversal
|
||||
|
||||
Path traversal is a security where the program (GitLab) tries to restrict user
|
||||
|
|
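Review bot: The added sentence "If you have to use user input a relative path, prefix `./` to the path." is missing a word and should read "use user input as a relative path". The two added paragraphs also state the rule without showing it, while the code just above uses `File.join(repo_path, user_input)`; a one-line example of a `./`-prefixed path would make clear which form is recommended in which case. Because the next heading is "Guard against path traversal", it would help to say here that a `./` prefix protects against paths starting with `-` but does not neutralise `../` components, so readers do not take the prefix for a traversal guard.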