Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Sign Up

Home

JustinsLorel

New Members

View Profile See their activity

Posts
2
Joined
February 5, 2015
Last visited
February 6, 2015

Content Type

All Activity

Profiles

Forums

Topics
Posts

Everything posted by JustinsLorel

Tips regarding security issues involved with listing filenames in php

JustinsLorel replied to JustinsLorel's topic in PHP Coding Help

So from what i understand i should hard code part of the Url into my php form limiting the user to that scope. Would it make sense to have an if statement ignore '..' and '...' input?
- February 6, 2015
- 3 replies
- - security
  - scandir
  - (and 2 more)
    Tagged with:
    
    security
    
    scandir
    
    glob
    
    injection
Tips regarding security issues involved with listing filenames in php

JustinsLorel posted a topic in PHP Coding Help

Hey guys, i have created a php file which takes two parameters: a subdirectory path a file extension it then echos the complete path pf (glob()) all the files with that extension in the searching folder. I wanted to know the security issues involved with this and how i might use escape methods to make sure someone can't move up the directory listing and get other filename. Are there any other concerns i should have? No data is coming or going to a database however there are other php files on the server which communicate with mySQL. Thanks alot!
- February 5, 2015
- 3 replies
- - security
  - scandir
  - (and 2 more)
    Tagged with:
    
    security
    
    scandir
    
    glob
    
    injection

×

Browse
- Back
- Forums
- Staff
- Leaderboard
- Guidelines
- Terms of Service
Activity
- Back
- All Activity
- Search
Join our Discord!

×

Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.