Added path parameter sanitization so no relative paths can be passed (i.e. /../). I did not include this logic in buildURL() in BoxRequest because though this is used for most requests, it is not the only buildURL() method. There are others in the SDK that are used for other requests. So I would have to include the logic in multiple methods if I chose the buildURL() route. The only method all requests used was the send() method in BoxRequest, so I included the sanitization logic here.
Added path parameter sanitization so no relative paths can be passed (i.e.
/../
). I did not include this logic inbuildURL()
inBoxRequest
because though this is used for most requests, it is not the onlybuildURL()
method. There are others in the SDK that are used for other requests. So I would have to include the logic in multiple methods if I chose thebuildURL()
route. The only method all requests used was thesend()
method inBoxRequest
, so I included the sanitization logic here.