subject:"Re\: \[PHP\] \"Sanitize\" paths"

Re: [PHP] "Sanitize" paths

2005-10-02 Thread Robert Cummings

On Sun, 2005-10-02 at 11:26, Philip Hallstrom wrote: > >> realpath() is your friend... > > > > That has been my first impression too, but... > > > >> realpath() expands all symbolic links > > > > I am actually using symlinks :) > > > > I trust the files on my server so "local redirects" via symlink

Re: [PHP] "Sanitize" paths

2005-10-02 Thread Philip Hallstrom

realpath() is your friend... That has been my first impression too, but... realpath() expands all symbolic links I am actually using symlinks :) I trust the files on my server so "local redirects" via symlinks are no problem, the user submitted data is. Then realpath() your doc root as we

Re: [PHP] "Sanitize" paths

2005-10-01 Thread Niels Ganser

Thanks for your reply, Philip. > realpath() is your friend... That has been my first impression too, but... > realpath() expands all symbolic links I am actually using symlinks :) I trust the files on my server so "local redirects" via symlinks are no problem, the user submitted data is. Reg

Re: [PHP] "Sanitize" paths

2005-10-01 Thread Philip Hallstrom

I'm working on a script which basically loads an image, the user requested and wonder how to properly sanitize the passed path. For instance the user should never ever be able to do somtehing like ?load=../../../etc/passwd. My approach so far is to simply urldecode() the given string and return a

Re: [PHP] "Sanitize" paths

Re: [PHP] "Sanitize" paths

Re: [PHP] "Sanitize" paths

Re: [PHP] "Sanitize" paths

4 matches

Site Navigation

Mail list logo

Footer information