The Note You're Voting On

Latchezar Tzvetkoff
8 years ago
A basic filename/directory/symlink check may be done (and I personally do it) via realpath() ...

<?php

if (isset($_GET['file'])) {
    // it seems this one is good to be a realpath too, meaning not a symlinked path
    $base = '/home/polizei/public_html/';

    // realpath() resolves ".." and symlinks; the resolved path must still start with $base
    if (strpos($file = realpath($base . $_GET['file']), $base) === 0 && is_file($file)) {
        unlink($file);
    } else {
        die('blah!');
    }
}
?>
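
The check from the note as a reusable function, with the base directory itself passed through realpath() as the code comment suggests, run against a constructed directory tree. This is an added example, not part of the original note; resolve_inside_base() and all demo file names are hypothetical, and a POSIX system with symlink support is assumed.

```php
<?php
// Added example (not from the original note). resolve_inside_base() is a hypothetical helper.

/** Return the canonical path of $userPath if it is a regular file under $baseDir, else null. */
function resolve_inside_base(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);               // canonicalise the base too; it may itself be a symlink
    if ($base === false || !is_dir($base)) {
        return null;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    $target = realpath($base . $userPath);    // resolves "..", "." and symlinks; false if missing
    if ($target === false) {
        return null;
    }
    // Compare against the base *with* its trailing separator, so a sibling
    // directory such as "files_old" is not accepted for base "files".
    if (strncmp($target, $base, strlen($base)) !== 0 || !is_file($target)) {
        return null;
    }
    return $target;
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . '/rp_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files", 0700, true);
mkdir("$root/files_old", 0700);
file_put_contents("$root/files/ok.txt", 'x');
file_put_contents("$root/files_old/secret.txt", 'x');
file_put_contents("$root/outside.txt", 'x');
symlink("$root/outside.txt", "$root/files/link.txt");    // symlink pointing out of the base

foreach (['ok.txt', '../outside.txt', '../files_old/secret.txt', 'link.txt', 'missing.txt'] as $name) {
    $path = resolve_inside_base("$root/files", $name);
    printf("%-26s %s\n", $name, $path === null ? 'rejected' : 'accepted');
}

// Remove the demo tree again.
foreach (['files/ok.txt', 'files/link.txt', 'files_old/secret.txt', 'outside.txt'] as $f) {
    unlink("$root/$f");
}
foreach (['files', 'files_old', ''] as $d) {
    rmdir("$root/$d");
}
```

The check and a later unlink() are still two separate steps, so this relies on nobody else being able to change the directory tree between them.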
