M.O.S. Studios Posted November 23, 2009 Share Posted November 23, 2009 I'm working on a php script to upload files in to a set directory. the user can select to upload into the "upload" directory or any of its subdirectories. at the moment the user is able to `trick` the script into uploading a file into a lower directory by typing in "upload/../../" as the upload directory I want to know if there is any way to verify the destination directory to make sure it is higher then the set directory. Or use php.ini to restrict the directory allowed to upload thanks in advance Link to comment https://forums.phpfreaks.com/topic/182638-a-function-to-check-directory-depth/ Share on other sites More sharing options...
cags Posted November 23, 2009 Share Posted November 23, 2009 You could sanitize ./ and ../ out of the string using a str_replace. Link to comment https://forums.phpfreaks.com/topic/182638-a-function-to-check-directory-depth/#findComment-963996 Share on other sites More sharing options...
M.O.S. Studios Posted November 23, 2009 Author Share Posted November 23, 2009 function subdir($parent=NULL, $child=NULL){ $return = TRUE; if(is_null($parent) && is_null($child)){ $return = FALSE; } $child = str_replace('\\', '/', $child); $parent = str_replace('\\', '/', $parent); if(strpos($child, '/..') !== FALSE) { $return = FALSE; } RETURN $return; } I found this code at http://stackoverflow.com/questions/1628699/test-if-a-directory-is-a-sub-directory-of-another-folder Link to comment https://forums.phpfreaks.com/topic/182638-a-function-to-check-directory-depth/#findComment-964024 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.