[Tutor] I need help slicing.
Danny Yoo
dyoo@hkn.eecs.berkeley.edu
Fri, 12 Jul 2002 13:53:11 -0700 (PDT)

> Yes. I thought about the os module. But all of the paths in the
> querystrings will be relative. For example:

No problem: there's a function in os.path called abspath() that will turn
relative urls into absolute ones, so that you can even deal with stuff
like '../../../etc/../etc/passwd':
###
>>> import os
>>> print(os.path.abspath('../../etc/../etc/passwd'))
/etc/passwd
###
If you do everything with absolute paths, that may simplify your problem.

> So my thought was either write the script to limit all filenames to
> files in this relative directory or to use splicing to verify the file
> extension. Does this sound like a secure enough method?

File extension doesn't sound too safe, but limiting access to a certain
directory sounds sorta ok. Just make sure to use os.path.abspath(), to
pacify weird relative paths into absolute ones.

Hope this helps!
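
An added example, not part of the original message: one way to implement the "limit access to a certain directory" check discussed above. The function names and the docs / docs-private layout are assumptions made for illustration, and it uses os.path.realpath() and os.path.commonpath() rather than abspath() alone, so symlinks and look-alike sibling directories are also rejected.

```python
import os
import tempfile


def resolve_inside(base_dir, user_path):
    """Return the resolved path for user_path if it stays inside base_dir,
    otherwise raise ValueError. (Hypothetical helper for this example.)"""
    # realpath() normalises '..' like abspath() and also follows symlinks,
    # so a link inside base_dir that points elsewhere is caught too.
    base = os.path.realpath(base_dir)
    # Join first so a relative request is interpreted relative to base, not
    # the process's current working directory. An absolute user_path replaces
    # base in os.path.join() and is rejected by the check below.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath() compares whole path components, so ".../docs-private" is
    # not mistaken for something under ".../docs" the way a plain
    # startswith() prefix test would be.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory: %r" % (user_path,))
    return candidate


def is_allowed(base_dir, user_path):
    """True if user_path resolves to a location inside base_dir."""
    try:
        resolve_inside(base_dir, user_path)
        return True
    except ValueError:
        return False


def demo():
    """Build a constructed directory layout and classify sample requests."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "docs")
    os.makedirs(os.path.join(base, "sub"))
    os.makedirs(os.path.join(root, "docs-private"))
    requests = [  # constructed sample inputs
        "sub/page.html",
        "sub/../index.html",
        "../../etc/../etc/passwd",
        "/etc/passwd",
        "../docs-private/secret.txt",
    ]
    return {r: is_allowed(base, r) for r in requests}


if __name__ == "__main__":
    for request, ok in demo().items():
        print("%-30s %s" % (request, "allowed" if ok else "rejected"))
```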