I want to make sure a file path set via query string does not go outside of the desired subdirectory. Right now, I am checking that:
The use of realpath should not change the path, so I use it in the following way:
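    function checkPath($pathToCheck) {
        // $basepath: the directory that all requested paths must stay inside
        global $basepath;
        $fullpath = $basepath.'/'.$pathToCheck;
        // Accept only if realpath() leaves the path unchanged and it is a directory
        if ($fullpath==realpath($fullpath) && is_dir($fullpath)) {
            return $fullpath;
        } else {
            // error_die(): helper not shown in the post
            error_die('path not allowed: '.htmlentities($pathToCheck));
        }
    }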
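
A containment check for the goal stated in the question, as an added example (not code from the original post): it canonicalizes both the base directory and the requested path with realpath(), requires the result to sit under the base, and prints the outcome next to the equality comparison from the post. The function name `resolveInsideBase`, the temporary directory tree and the input list are constructed for illustration; a POSIX filesystem is assumed for the symlink case.

```php
<?php
// Added example. resolveInsideBase() is a hypothetical helper name.
// Returns the canonical directory path for $userPath under $base, or null if
// it does not exist, is not a directory, or resolves outside $base.
function resolveInsideBase(string $base, string $userPath): ?string
{
    $realBase = realpath($base);
    if ($realBase === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() resolves "..", ".", duplicate slashes and symlinks.
    $real = realpath($realBase . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false || !is_dir($real)) {
        return null;
    }
    // Trailing separator on the prefix so "<base>-private" is not taken for "<base>".
    $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $realBase && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed sample tree in the system temp directory (canonicalized first,
// because the temp directory itself may be reached through a symlink).
$root = realpath(sys_get_temp_dir()) . '/pathcheck_' . bin2hex(random_bytes(4));
mkdir("$root/files/docs", 0700, true);
mkdir("$root/files-private", 0700, true);
mkdir("$root/secret", 0700, true);
@symlink("$root/secret", "$root/files/link"); // symlink inside base pointing outside
$base = "$root/files";

// Constructed inputs: spellings of an allowed directory, then paths that leave the base.
$cases = ['docs', 'docs/', './docs', 'docs/../docs',
          '..', '../secret', '../files-private', 'link', 'missing'];
foreach ($cases as $input) {
    $full = $base . '/' . $input;
    $equality = ($full == realpath($full) && is_dir($full)); // comparison from the post
    $contained = resolveInsideBase($base, $input) !== null;
    printf("%-18s equality=%-5s contained=%s\n", $input,
        var_export($equality, true), var_export($contained, true));
}

// Remove the constructed tree.
@unlink("$root/files/link");
foreach (['files/docs', 'files', 'files-private', 'secret', ''] as $d) {
    rmdir("$root/$d");
}
```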