Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

PHP: Directory Traversal Prevention


  • Please log in to reply
No replies to this topic

#1 John

John

    CC Mentor

  • Moderator
  • 4450 posts
  • Location:New York, NY

Posted 22 September 2008 - 12:18 PM

If you ever write a php script where you would want users to traverse directories below the current file, but prevent access to directories above the location of the file, this may help you.

$root = explode ( DIRECTORY_SEPARATOR, realpath ( dirname ( __FILE__ ) ) );

if (! is_dir ( $_GET ['directory'] )) {
die ( "Invalid Request." );
}

$request = explode ( DIRECTORY_SEPARATOR, realpath ( $_GET ['directory'] ) );

empty ( $request [0] ) ? array_shift ( $request ) : $request;
empty ( $root [0] ) ? array_shift ( $root ) : $root;

if (count ( array_diff_assoc ( $root, $request ) ) > 0) {
die ( "Invalid Request." );
}

  • 0




Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download