uce/site/doc/pages/route_path_is_safe.txt

25 lines
701 B
Plaintext

:title
route_path_is_safe
:sig
bool route_path_is_safe(String path)
:see
route_path_sanitize
route_path_normalize
request_query_path
request_query_route
:content
Returns whether a normalized route path is safe to use as a route-derived file path segment.
A safe route path contains only non-empty segments made from ASCII letters, digits, `_`, and `-`. The segments `.` and `..` are rejected.
```cpp
route_path_is_safe("workspace/projects"); // true
route_path_is_safe("workspace/../admin"); // false
route_path_is_safe("view.uce"); // false
```
Most request code should use runtime-populated `context.params["ROUTE_PATH"]` or `request_query_route()` instead of calling this directly.