download/goodThings/great.txt
download/betterThings/super.txt
What should I do to keep people out of my ../secretThings directory?
I had tried
Code:
if (ereg('\.\.', $filename))
    die('bad filename'); //die, do not process

Thank you,
Code:
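//this is a 'pseudo root' - the base dir.
$ROOT_PATH = realpath('/path/to/root/');
//path to the requested file.
$path = realpath('path/to/some/file');
//realpath() resolves '..' and symlinks, and returns false if the file does not exist.
//the trailing separator stops a sibling such as /path/to/rootX from matching the prefix.
if ((preg_match('/^' . preg_quote($ROOT_PATH . DIRECTORY_SEPARATOR, '/') . '.*/i', $path)) && (is_file($path))) {
    readfile($path);
} else {
    die('Path to file is above root/base dir, or does not exist.');
}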
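
The realpath() containment check from the reply above, written as a function and run against a constructed copy of the directory layout in the question. This is an added example, not code from the thread; resolve_download(), the temporary sandbox and the download-old directory are assumptions made for illustration.

```php
<?php
// Added example: resolve_download() and the sandbox layout are hypothetical.

// Return the canonical path of $requested if it is a regular file inside $baseDir, else null.
function resolve_download(string $baseDir, string $requested): ?string
{
    $root = realpath($baseDir);
    if ($root === false) {
        return null;                       // base dir missing or unreadable
    }
    // realpath() collapses '..', '.', duplicate slashes and symlinks; false if nothing exists there.
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Compare against root plus a trailing separator so "download-old" does not pass as "download".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sandbox mirroring the layout in the question.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'trav_' . uniqid();
foreach (['download/goodThings', 'download-old', 'secretThings'] as $d) {
    mkdir("$tmp/$d", 0700, true);
}
file_put_contents("$tmp/download/goodThings/great.txt", "ok\n");
file_put_contents("$tmp/download-old/notes.txt", "old\n");
file_put_contents("$tmp/secretThings/keys.txt", "secret\n");

$requests = [
    'goodThings/great.txt',                     // file inside the base dir
    'goodThings/./great.txt',                   // same file, non-canonical spelling
    '../secretThings/keys.txt',                 // leaves the base dir
    'goodThings/../../secretThings/keys.txt',   // leaves it after entering a subdir
    '../download-old/notes.txt',                // sibling sharing the base dir's name prefix
    'goodThings/missing.txt',                   // does not exist
];
foreach ($requests as $r) {
    $resolved = resolve_download("$tmp/download", $r);
    printf("%-42s %s\n", $r, $resolved === null ? 'rejected' : 'served');
}
```

The download-old request is the case a plain prefix match on the base directory lets through, which is why the comparison includes the trailing separator.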