Hi, I'm working on a script which basically loads an image, the user requested and wonder how to properly sanitize the passed path. For instance the user should never ever be able to do somtehing like ?load=../../../etc/passwd.
My approach so far is to simply urldecode() the given string and return an error if ".." is found in it. Maybe I'm a little paranoid but is this really enough? For clarification: All paths are prefixed with some kind of a root path. All images within this root path may be accessed but "jumping" out of it should not be allowed. Regards, Niels. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
