"Sanitize" paths — PHP — IT news, forums, messages

You are here: "Sanitize" paths « PHP « IT news, forums, messages

Posted by Niels Ganser on 10/02/05 03:46

Hi,

I'm working on a script which basically loads an image, the user
requested and wonder how to properly sanitize the passed path. For
instance the user should never ever be able to do somtehing
like ?load=../../../etc/passwd.

My approach so far is to simply urldecode() the given string and return
an error if ".." is found in it. Maybe I'm a little paranoid but is this
really enough?

For clarification: All paths are prefixed with some kind of a root path.
All images within this root path may be accessed but "jumping" out of it
should not be allowed.

Regards,
Niels.

Navigation:

Next in forum: Re: [PHP] "Sanitize" paths
Prev in forum: Re: [PHP] creating a shopping cart.
Thread view: "Sanitize" paths

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация