Brian Candler wrote:
> Another hint: use File.expand_path(...) and then check the beginning of 
> the path matches a particular expression.
> 
> target = "/var/tmp/../../etc/passwd"
> 
> unless File.expand_path(target).index("/var/tmp/") == 0
>   raise "You cannot access that file!!"

Reimplement OS permissions in Ruby?  Why?

> end

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen / marnen.org
-- 
Posted via http://www.ruby-forum.com/.