Gist ik5/4227657775e94dac40912812d10bd7c0 (last active November 23, 2017 08:29)
Example of how to sanitize file names (base, without path) to avoid any malicious actions
```ruby
# help to avoid path traversal, and execution of anything on a machine
# due to file name
def escape_file_name(name)
  # regex is as follows:
  # if there is no escape char (a backslash) directly before one of the
  # following chars, add an escape for that char.
  # "#", "$" and "&" are written escaped: an unescaped "#$&" inside a regex
  # literal is read by Ruby as interpolation of the $& global and the three
  # characters silently vanish from the class.
  # A lookbehind is used instead of consuming the preceding character, so
  # two special chars in a row are both escaped.
  name.gsub(/(?<!\\)([\s\!\'\"\#\$\&\^\*\`\/\(\)\[\]\?\{\}\|\~])/) do
    "\\#{$1}"
  end
end
```
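As an added example, not code from the gist: backslash-escaping covers the shell-metacharacter half of the description, but it does not stop a name such as `../x` from leaving an upload directory once the name is used as a filesystem path. The hypothetical `safe_basename` and `safe_path` helpers below show the allowlist-and-basename check a defender would put in front of it; the `uploads` directory and the sample names are constructed for the demonstration.

```ruby
# Added example (not from the gist): allowlist-based base-name sanitizer for
# the path-traversal half of the problem. Backslash-escaping shell
# metacharacters does nothing for "../" once the name is used as a path,
# so the directory part and dot segments are stripped first.
ALLOWED_NAME_CHARS = /[^A-Za-z0-9._-]/
MAX_NAME_LEN = 255 # common per-component filesystem limit

# Returns a safe base name, or nil when nothing usable is left.
def safe_basename(name)
  return nil if name.nil?
  # Treat both separators alike so "..\\x" is handled like "../x"
  base = name.to_s.gsub('\\', '/').split('/').last.to_s
  # Pure dot segments and empty names are never valid file names
  return nil if base.empty? || base == '.' || base == '..'
  # Replace everything outside the allowlist (spaces, quotes, NUL, ...)
  base = base.gsub(ALLOWED_NAME_CHARS, '_')
  # Collapse dot runs and drop leading dots (no hidden files, no "...")
  base = base.gsub(/\.{2,}/, '.').sub(/\A\.+/, '')
  return nil if base.empty?
  base[0, MAX_NAME_LEN]
end

# Resolves name inside upload_dir; returns nil unless the result stays
# under that directory (a second, independent check after sanitizing).
def safe_path(upload_dir, name)
  base = safe_basename(name)
  return nil unless base
  root = File.expand_path(upload_dir)
  full = File.expand_path(base, root)
  full.start_with?(root + File::SEPARATOR) ? full : nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample names for the demonstration
  ['../../etc/passwd', 'my report (final).txt', '.htaccess', '...'].each do |n|
    puts "#{n.inspect} -> #{safe_basename(n).inspect}"
  end
end
```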