how to serve a file only out of one directory and down
Posted: Tue Jul 25, 2006 8:31 am
I need to pass a filename to a script and I need that script to then do a readfile() on the file (for a Content-disposition download). I want people to only be able to access a certain subdirectory (eg "downloads") and below. There are different subdirectories beneath this so $filename includes a path:
download/goodThings/great.txt
download/betterThings/super.txt
What should I do keep people out of my ../secretThings directory?
I had tried
But I don't know if that's enough.
Thank you,
download/goodThings/great.txt
download/betterThings/super.txt
What should I do keep people out of my ../secretThings directory?
I had tried
Code: Select all
if (ereg('\.\.', $filename))
die('bad filename'); //die, do not processThank you,