Wednesday 1 May 2013

Quick puzzle: is this path within the doc root?

Here's a code puzzle question.

Write a function thus:

boolean function isWithinWebroot(required string fileSystemPath){
    // provide code here

Which would work as follows:

// given a webroot being in C:\inetpub\wwwroot\ (NB: you don't know this value, so you have to infer it with your code)
isWithinWebroot("C:\windows"); // false
isWithinWebroot("C:\inetpub\wwwroot"); // true
isWithinWebroot("C:\inetpub\wwwroot\images"); // true
isWithinWebroot("C:/inetpub/wwwroot/js/code.js"); // true

If the tested path passes the test, it will then be used as the base path to serve file(s), so it must not be hackable. Please note that the value passed into the function comes from user input.

So if you fancy it, stick some code in pastebin or create a gist or something, and post it. The answer I like the most (entirely subjectively) will get a beer.