25 lines
701 B
Plaintext
25 lines
701 B
Plaintext
:title
|
|
route_path_is_safe
|
|
|
|
:sig
|
|
bool route_path_is_safe(String path)
|
|
|
|
:see
|
|
route_path_sanitize
|
|
route_path_normalize
|
|
request_query_path
|
|
request_query_route
|
|
|
|
:content
|
|
Returns whether a normalized route path is safe to use as a route-derived file path segment.
|
|
|
|
A safe route path contains only non-empty segments made from ASCII letters, digits, `_`, and `-`. The segments `.` and `..` are rejected.
|
|
|
|
```cpp
|
|
route_path_is_safe("workspace/projects"); // true
|
|
route_path_is_safe("workspace/../admin"); // false
|
|
route_path_is_safe("view.uce"); // false
|
|
```
|
|
|
|
Most request code should use runtime-populated `context.params["ROUTE_PATH"]` or `request_query_route()` instead of calling this directly.
|