thanks for the important advise :) On Wed, Nov 28, 2012 at 10:28 PM, Tim Chase <django.us...@tim.thechases.com>wrote:
> On 11/28/12 14:19, Loai Ghoraba wrote: > > I just go it, it is > > > > url(r'^download/(?P<path>.*)$', 'faculty.views.Main.download_file'), > > Just be careful to normalize the resulting path so that people don't > do things like > > http://example.com/download/../../etc/passwd > > Fortunately, the standard library has functions in os.path.* for > getting the absolute path, checking against leading subdirectory > paths, and the like. > > -tkc > > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
