Thursday, April 2, 2015

Easiest way to disallow ../ in PHP mkdir

I have a PHP script that creates a folder based on a user's name input.


What is the easiest way to deny the user from creating folders up/back in the structure as he could by typing for example "../../folderName" for the folder name?


I could sanitize the user's string and remove slashes and/or dots, but is that a 100% safe way of doing it?



    //compile path to create
    $fPath = $path.$parent.'/'.$name;

    //create the folder
    if (!mkdir($fPath)) {
        //setup response json
        $resp = array();
        $resp['success'] = 0;
        $resp['message'] = "Error: Failed to create folder, check permissions on filesystem.";
    }
    else {
        //setup response json
        $resp = array();
        $resp['success'] = 1;
        $resp['message'] = "Folder successfully created in ".$fPath;
    }

    header('Content-Type: application/json');
    echo json_encode($resp);
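One way to approach the question above, as an added example that is not part of the original post: allowlist the folder name as a single path segment, then canonicalise the parent with `realpath()` and check that it still sits inside the base directory. The function name `safeMkdir`, the `$baseDir` parameter, the name pattern and the demo directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the original post.
// Creates $name under $baseDir/$parent and refuses anything outside $baseDir.
function safeMkdir(string $baseDir, string $parent, string $name): string
{
    // 1. Allowlist the new folder name: one path segment, starting with a
    //    letter or digit, so "/", "\", NUL bytes, "." and ".." cannot pass.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}\z/', $name)) {
        throw new InvalidArgumentException('Invalid folder name');
    }

    // 2. Canonicalise base and parent. realpath() resolves "..", "." and
    //    symlinks, and returns false when the path does not exist.
    $base = realpath($baseDir);
    $dir  = realpath($baseDir . DIRECTORY_SEPARATOR . $parent);
    if ($base === false || $dir === false || !is_dir($dir)) {
        throw new RuntimeException('Parent folder not found');
    }

    // 3. Containment check on the canonical paths. The trailing separator
    //    stops "/data/users-evil" from matching the prefix "/data/users".
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($dir . DIRECTORY_SEPARATOR, $base, strlen($base)) !== 0) {
        throw new RuntimeException('Parent folder is outside the base directory');
    }

    // 4. Non-recursive mkdir: only the validated leaf is created.
    $target = $dir . DIRECTORY_SEPARATOR . $name;
    if (!mkdir($target, 0750)) {
        throw new RuntimeException('Failed to create folder');
    }
    return $target;
}

// Constructed demo in a temporary directory (sample inputs are made up).
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mkdir_demo_' . bin2hex(random_bytes(4));
mkdir($base . DIRECTORY_SEPARATOR . 'alice', 0750, true);
$cases = [['alice', 'photos'], ['alice', '../../folderName'], ['alice/../..', 'x']];
foreach ($cases as [$p, $n]) {
    try {
        echo 'created ', safeMkdir($base, $p, $n), PHP_EOL;
    } catch (Exception $e) {
        echo "rejected parent={$p} name={$n}: ", $e->getMessage(), PHP_EOL;
    }
}
```

The check and the `mkdir()` call are separate steps, so a symlink swapped into the parent path between them is not covered by this example.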
