mattal999 Posted October 18, 2007

hi, how would I make it so that the $file variable is not allowed to have ../ or ./ in it?

<?php
error_reporting(0);
session_start();
$user   = $_SESSION['userName'];
$file   = $_POST['file'];          // file name taken straight from the request
$CurDir = dirname(__FILE__);

// Optional sub-folder below the user's own directory
if ($_POST['folder'] != '') {
    $user = $user . '/' . $_POST['folder'];
}
$NewDir   = "$CurDir/$user";
$filepath = $NewDir . "/" . $file;

// Create the user's directory on first use
if (!file_exists($NewDir) && !is_dir($NewDir)) {
    mkdir($NewDir, 0755);
}

if (is_dir($NewDir)) {
    if (is_writable($NewDir)) {
        $folder = ($_POST['folder'] != '') ? $_POST['folder'] : '';
        // 'x+' creates the file and fails if it already exists
        if (!$handle = fopen($filepath, 'x+')) {
            echo "<center><font face='verdana' size='2'>The file $file already exists, edit it <a href='writenew.php?file=" . $folder . $file . "' style='border-bottom: dotted #000000 1px; text-decoration: none;'><font color='000000'>here</font></a></font></center>";
            exit;
        }
        echo "<center><font face='verdana' size='2'>Success, made a new file $file, edit it <a href='writenew.php?file=" . $folder . $file . "' style='border-bottom: dotted #000000 1px; text-decoration: none;'><font color='000000'>here</font></a></font></center>";
        fclose($handle);
    } else {
        echo "<center><font face='verdana' size='2'>The file $file could not be made</font></center>";
    }
}
?>

thanks

https://forums.phpfreaks.com/topic/73756-solved-permissions-permissions-permissions/
esukf Posted October 18, 2007

Filter it.

<?php
$file = $_POST['file'];
$bad  = array('../', './');           // sequences to strip from the name
$file = str_replace($bad, "", $file); // every occurrence of each is removed
?>
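An added example, not code from either post in the thread, showing the check a practitioner would normally use instead of a blacklist: accept only file and folder names that match a strict whitelist (one path component, no separators, no leading dot), and then confirm with realpath() that the resolved directory still sits under the base directory. Note that the reply above only filters $file; in the original script $_POST['folder'] is concatenated into $NewDir unchecked, and on Windows a backslash also separates path components, so the whitelist below is applied to every component. The function names, the $baseDir layout and the sample inputs are assumptions made for this example.

```php
<?php
// Added example (not code from the thread). Instead of stripping "../"
// out of the name, accept only names that match a strict whitelist and
// then verify the resolved directory is still inside the base directory.

// Whitelist for a single path component: letters, digits, "_", "-" and
// "." only, no leading dot, so "..", ".htaccess", "a/b" and "a\b" are
// all rejected before any path is built.
function isSafeComponent(string $name): bool
{
    return (bool) preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9_.-]{0,63}\z/', $name);
}

// Returns the absolute path of the file to create, or null if anything
// is off. $baseDir and the per-user layout are assumptions for this example.
function resolveNewFilePath(string $baseDir, string $user, string $folder, string $file): ?string
{
    if (!isSafeComponent($user) || !isSafeComponent($file)) {
        return null;
    }
    if ($folder !== '' && !isSafeComponent($folder)) {
        return null;
    }

    $dir = $baseDir . DIRECTORY_SEPARATOR . $user;
    if ($folder !== '') {
        $dir .= DIRECTORY_SEPARATOR . $folder;
    }
    if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
        return null;
    }

    // Second line of defence: canonicalise both ends and compare prefixes,
    // so a symlink dropped into the user directory cannot point elsewhere.
    $realBase = realpath($baseDir);
    $realDir  = realpath($dir);
    if ($realBase === false || $realDir === false) {
        return null;
    }
    $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($realDir . DIRECTORY_SEPARATOR, $prefix) !== 0) {
        return null;
    }
    return $realDir . DIRECTORY_SEPARATOR . $file;
}

// Create the file only if it does not exist yet ('x' mode), as the original
// post does with 'x+'. Returns 'created', 'exists' or 'rejected'.
function createUserFile(string $baseDir, string $user, string $folder, string $file): string
{
    $path = resolveNewFilePath($baseDir, $user, $folder, $file);
    if ($path === null) {
        return 'rejected';
    }
    $h = @fopen($path, 'x');
    if ($h === false) {
        return 'exists';
    }
    fclose($h);
    return 'created';
}

// Constructed inputs, run against a throwaway directory (no web request).
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'userfiles_' . getmypid();
mkdir($base, 0755);
$cases = [
    ['alice', '',       'notes.txt'],        // created
    ['alice', '',       'notes.txt'],        // exists
    ['alice', 'drafts', 'todo.txt'],         // created (folder is whitelisted too)
    ['alice', '',       '../../etc/passwd'], // rejected: separators in the name
    ['alice', '..',     'passwd'],           // rejected: folder would climb out
    ['alice', '',       '..\\..\\boot.ini'], // rejected: backslash on Windows
    ['alice', '',       '.htaccess'],        // rejected: leading dot
];
foreach ($cases as [$u, $f, $n]) {
    printf("%-8s %-7s %-20s -> %s\n", $u, $f, $n, createUserFile($base, $u, $f, $n));
}
```

Whatever check is used, $file should also be passed through htmlspecialchars() before it is echoed back into the page, since the original script prints the request value directly inside the HTML and the link's query string.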
mattal999 (Author) Posted October 18, 2007

cheers