PHP solution for validating file path
Check out this one: https://stackoverflow.com/a/4050444/108544
That function operates on the path string, and should also work if the target path doesn't actually exist on the file system.
тараканы_простыли
Updated on June 04, 2022Comments
-
тараканы_простыли almost 2 years
I need to validate passed file path, before it will be written to disk and new directory structure for it will be created. For example, we have
$path = "/uploads/base/../../user_new_dir/img.jpg"
. This is incorrect path due to"/.." ("/uploads/base"
- allowed for saving directory,"/user_new_dir/img.jpg"
- user defined path and file name).I can't use
realpath($path)
, because it works only with existing files. I can't userealpath(dirname($path))
, because we may create new folders for saving file.I look for script, which checks all possible cases. I worry that I can miss something like multi-byte representation of the
'.'
character or others unexpected ways, which may cause security issues. Could you advice appropriate implementation of my task in any framework or cms, so I could look into it?