I'm planning on using userinput as a part of path to read (horrific I know :)
So to make this userinput a bit more secure I'm thinking to use
$path = escapeshellarg($path);
$path = str_replace("../","",$path);

I'm thinking to use a basedir in a constant something like 
/usr/home/userdir  (this also being set in php.ini)
then add the userinput and then append that to the constant and then use 
opendir() on it.
I want to avoid people putting in nice little strings like ../../../etc/

Any other pointers?
/ Jim

Security is a state of mind not a sales arguement!

*** Secret behind flying=
Throw yourself at the ground and miss :-) 

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to