Another hint: use File.expand_path(...) and then check the beginning of 
the path matches a particular expression.

target = "/var/tmp/../../etc/passwd"

unless File.expand_path(target).index("/var/tmp/") == 0
  raise "You cannot access that file!!"
end
-- 
Posted via http://www.ruby-forum.com/.
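
An added example, not part of the original post: `File.expand_path` collapses `..` lexically but does not follow symlinks, so a link stored under the allowed directory still passes the prefix check. The sketch below compares that check with one based on `File.realpath`; the helper names and the constructed temporary directory layout are assumptions for illustration, and the target is assumed to exist already (a read, not a create).

```ruby
require "tmpdir"
require "fileutils"

# Lexical check in the spirit of the post: ".." is collapsed, the disk is not consulted.
# File.join(base, "") appends the trailing separator so "/var/tmp_other" cannot match "/var/tmp".
def lexically_inside?(base, target)
  File.expand_path(target, base).start_with?(File.join(File.expand_path(base), ""))
end

# Stricter check (hypothetical helper): resolve symlinks on both sides before comparing.
# Returns the resolved path, or nil when the target is missing or escapes the base.
def resolve_inside(base, target)
  real_base = File.realpath(base)
  real = File.realpath(File.expand_path(target, real_base))
  real.start_with?(File.join(real_base, "")) ? real : nil
rescue Errno::ENOENT, Errno::ELOOP
  nil
end

# Constructed sample layout: <tmp>/uploads is the allowed directory,
# <tmp>/secret.txt sits outside it, and uploads/link is a symlink to it.
def demo
  Dir.mktmpdir("sandbox") do |root|
    base = File.join(root, "uploads")
    outside = File.join(root, "secret.txt")
    FileUtils.mkdir_p(base)
    File.write(outside, "outside")
    File.write(File.join(base, "ok.txt"), "inside")
    File.symlink(outside, File.join(base, "link"))
    {
      dotdot_lexical:   lexically_inside?(base, "../secret.txt"),
      link_lexical:     lexically_inside?(base, "link"),
      ok_resolved:      !resolve_inside(base, "ok.txt").nil?,
      link_resolved:    !resolve_inside(base, "link").nil?,
      dotdot_resolved:  !resolve_inside(base, "../secret.txt").nil?,
      missing_resolved: !resolve_inside(base, "nope.txt").nil?
    }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Open the path returned by `resolve_inside` rather than the original string, so the file that was checked is the file that gets read.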