You could also use the realpath() function...
realpath -- Returns canonicalized absolute pathname
realpath() expands all symbolic links and resolves references to '/./',
'/../' and extra '/' characters in the input path and return the
canonicalized absolute pathname. The resulting path will have no symbolic
link, '/./' or '/../' components.
On Tue, 21 May 2002, Bogdan Stancescu wrote:
> Just to aknowledge that your post is being read: I think that's all you
> have to do - that obviously doesn't necessarily mean I'm also right. :-)
>
> Bogdan
>
> Jimmy Lantz wrote:
>
> > Hi,
> > I'm planning on using userinput as a part of path to read (horrific I
> > know :)
> > So to make this userinput a bit more secure I'm thinking to use
> > $path = escapeshellarg($path);
> > $path = str_replace("../","",$path);
> >
> > I'm thinking to use a basedir in a constant something like
> > /usr/home/userdir (this also being set in php.ini)
> > then add the userinput and then append that to the constant and then
> > use opendir() on it.
> > I want to avoid people putting in nice little strings like ../../../etc/
> >
> > Any other pointers?
> > / Jim
> >
> > Security is a state of mind not a sales arguement!
> >
> > *** Secret behind flying=
> > Throw yourself at the ground and miss :-)
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
