Safely join directory and filename.
@app.route('/wiki/<path:filename>') def wiki_page(filename): filename = safe_join(app.config['WIKI_FOLDER'], filename) with open(filename, 'rb') as fd: content = fd.read() # Read and process the file content...
- directory – the base directory.
- filename – the untrusted filename relative to that directory.
NotFoundif the resulting path would fall out of directory.