|Think about Loose Coupling|
Simple Path Cleanupby wesley.spikes (Initiate)
|on May 10, 2009 at 08:13 UTC||Need Help??|
wesley.spikes has asked for the
wisdom of the Perl Monks concerning the following question:
I know this is probably fairly simple, but I was unable to find any information about this topic (more likely than not, I just didn't know how to word it such that search engines would share the love).
How can I clean up a path name to sanity check it? As a preliminary, I know I could probably do some crazy regexp, or I could simply chdir then Cwd::cwd() it to get the path, but these options are likely quite time consuming, and the second would not work if the folders don't exist or are inaccessible.
The reason for this request is that I must ensure that I'm not using File::Path::remove_tree on "/" or any other major directory. The paths I'm generating are already fully qualified and are arguably safe, but I'd rather be safe than sorry. :)
Thanks in advance!
EDIT: Sorry for the lack of information in the post. It was 2AM and I thought I had put it in. Basically, I'm concerned about a classic security vulnerability existing where it may be possible to inject a path name that could include the up-directory marker in the path (".."), and by using such a hack, to go up to the root of the drive.
/project_dir/various_folders -- the folders i need to delete
It may be possible under certain conditions for project_dir or a folder name to contain "fn/../../../../../../../" and manage for the script to incidentally remove the root folder.