Hi,

I'm working on a script which basically loads an image the user 
requested, and I wonder how to properly sanitize the passed path. For 
instance, the user should never ever be able to do something 
like ?load=../../../etc/passwd.

My approach so far is to simply urldecode() the given string and return 
an error if ".." is found in it. Maybe I'm a little paranoid but is this 
really enough?

For clarification: All paths are prefixed with some kind of a root path. 
All images within this root path may be accessed but "jumping" out of it 
should not be allowed.

Regards,
Niels.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
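
One way to enforce the root-path rule described in the question, as an added example that is not part of the original post: canonicalize the combined path with realpath() and check that the result still lies under the root, instead of searching the string for "..". The function name, directory layout and sample inputs are constructed for illustration.

```php
<?php
// Added example: resolve_image_path() and the demo tree below are constructed.
function resolve_image_path(string $root, string $requested): ?string
{
    // Values read from $_GET arrive already URL-decoded, so no further
    // urldecode() is applied here. Null bytes are rejected up front.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }

    // realpath() collapses "." and "..", follows symlinks, and returns
    // false when the path does not exist.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }

    // Compare against the root plus a trailing separator, so a sibling
    // such as "images-private" is not treated as being inside "images".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed demo: a temporary root with one image and one file outside it.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('imgdemo_');
mkdir($base . '/images/sub', 0700, true);
file_put_contents($base . '/images/sub/cat.png', 'x');
file_put_contents($base . '/secret.txt', 'x');

$samples = ['sub/cat.png', 'sub/../sub/cat.png', '../secret.txt',
            'sub/../../secret.txt', 'missing.png'];
foreach ($samples as $p) {
    $ok = resolve_image_path($base . '/images', $p) !== null;
    printf("%-22s %s\n", $p, $ok ? 'allowed' : 'rejected');
}
```

The check is made on the resolved path, so a ".." that stays inside the root is accepted while a symlink inside the root that points outside it is refused.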
