Posted by Schraalhans Keukenmeester on 04/27/07 19:29

A few of my customers have access to a simplified web-based ftp client to
their relative root directories, all sub[sub]dirs of my main domain root.

Most of the code in my ftp class seems pretty
efficient, easy to maintain, and elegant at times. Somehow I keep fighting
with one issue:

When a user attempts to change dirs (they only can do so via the provided
method of my ftp class, they never 'see' the actual connection resource) I
have to check whether the desired new directory is *):

1. a valid directory
2. can be reached from the current working directory (or has a full path)
3. is not above their root directory

*) As long as user doesn't fiddle with POST vars I'll never come across
that bridge, but hey, you shouldn't trust user data, ever.

I am particularly unhappy about my implementation of test 3. I end
up doing a lot of str_len() compares on target and root strings, testing
whether one is a substr of the other and vice versa, and all that results
in a yes or no on the big question. It works, but it's Ugly, and probably
dumb.

Somehow I am *sure* this is a silly way of going about it. Yet each new
attempt I keep ending up with something similar. Call it tunnelvision or
one-man-group-think. Had it before, and seen it with others. Something
human,I suppose.

Does anyone have a simple, elegant solution for this common test, whether
or not a dir is above or under another dir?

Thanks in advance for your help,
Best,

Sh.

[Back to original message]