You could also use the realpath() function...

realpath -- Returns canonicalized absolute pathname

realpath() expands all symbolic links and resolves references to '/./', '/../' and extra '/' characters in the input path and returns the canonicalized absolute pathname. The resulting path will have no symbolic link, '/./' or '/../' components.

On Tue, 21 May 2002, Bogdan Stancescu wrote:

> Just to acknowledge that your post is being read: I think that's all you
> have to do - that obviously doesn't necessarily mean I'm also right. :-)
>
> Bogdan
>
> Jimmy Lantz wrote:
>
> > Hi,
> > I'm planning on using userinput as a part of path to read (horrific I
> > know :)
> > So to make this userinput a bit more secure I'm thinking to use
> > $path = escapeshellarg($path);
> > $path = str_replace("../","",$path);
> >
> > I'm thinking to use a basedir in a constant something like
> > /usr/home/userdir (this also being set in php.ini)
> > then add the userinput and then append that to the constant and then
> > use opendir() on it.
> > I want to avoid people putting in nice little strings like ../../../etc/
> >
> > Any other pointers?
> > / Jim
> >
> > Security is a state of mind not a sales argument!
> >
> > *** Secret behind flying=
> > Throw yourself at the ground and miss :-)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
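
The containment check that the realpath() suggestion above leads to, as an added example that is not part of the original thread: the function name `resolve_under_base` and the temp-directory layout are constructed for illustration. It also prints what the `str_replace` filter from the quoted post does to each input, for comparison.

```php
<?php
// Added example: containment check built on realpath(). All names are hypothetical.

/**
 * Resolve $userInput beneath $baseDir. Returns the canonical path, or null
 * when the target does not exist or lies outside the base directory.
 */
function resolve_under_base(string $baseDir, string $userInput): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // base directory itself is missing
    }
    // realpath() returns false for paths that do not exist, so those stop here.
    $full = realpath($base . DIRECTORY_SEPARATOR . $userInput);
    if ($full === false) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling such as
    // /base/userdir2 is not accepted as being inside /base/userdir.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($full !== $base && strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed sample layout in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rp_demo_' . getmypid();
@mkdir("$root/userdir/docs", 0700, true);
@mkdir("$root/userdir2", 0700, true);
// A symbolic link inside the base that points outside it (may fail on Windows).
@symlink("$root/userdir2", "$root/userdir/link");

$base = "$root/userdir";
$inputs = ['docs', './docs/../docs', 'missing', '../userdir2', 'link', '../../'];
foreach ($inputs as $in) {
    // The filter from the quoted post, shown for comparison only.
    $filtered = str_replace('../', '', $in);
    $safe = resolve_under_base($base, $in);
    printf("%-16s filtered=%-12s resolved=%s\n", $in, $filtered,
        $safe === null ? 'REJECTED' : $safe);
}
```

The `link` row is the case the string filter cannot see: the input contains no `../`, yet realpath() resolves it to a directory outside the base and the check rejects it.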