file->moveTo
Moves a file.
Target
Signature
1file->moveTo(path::string, overwrite::boolean=false)Moves a file.
file->moveTo is called with member syntax on a receiver value. file->moveTo touches paths or filesystem data. Resolve paths deliberately and avoid mixing visitor-provided path fragments with trusted server paths without validation.
Parameters
path- Required value of type
string. Supplypathpositionally unless the signature shows a keyword form. overwrite- Optional value of type
boolean. Supplyoverwritepositionally unless the signature shows a keyword form.
In web-serving modes, request-targeted application file access cannot escape the configured document_root. That boundary can come from the .ini file, the --docroot flag used by the LaiRu HTTP server or FPM process, or FastCGI values such as DOCUMENT_ROOT and SCRIPT_FILENAME supplied by nginx or Apache. See the web root directory, FastCGI options, and LaiRu FPM pages for the deployment side of that boundary.
Examples
Basic call
1file('/tmp/a.txt')->moveTo('/tmp/b.txt', true)The example assumes a trusted path. Validate or resolve any path built from visitor input.
Guard a write operation under an application directory
1[2local(base) = '/var/www/html/uploads'3local(name) = string(web_request->param('name'))->trim45if(#name->contains('/') || #name->contains('..')) => {6 fail('Bad filename')7}89local(src) = file(#base + '/incoming/' + #name)10local(dst) = #base + '/published/' + #name11if(#src->exists) => {12 #src->moveTo(#dst, true)13}14]Before moving, copying, deleting, or changing permissions, reduce visitor input to a filename or another narrow value you can validate.