You are here: start / security / mitigating_path_traversals_for_web_services / php

About

This is a PHP example illustrating how path traversals can be mitigated.

Code

<?php
 
# Get the user-supplied path.
$userPath = $_POST['path'];
 
# The document root path.
$documentRoot = realpath("/var/www");
 
# Get the path from the user-supplied path.
$pathPart = pathinfo($userPath);
# Compare the "real" directory path of the user supplied path with the document root.
if(realpath($pathPart['dirname']) != $documentRoot)
    die;
security/mitigating_path_traversals_for_web_services/php.txt ยท Last modified: 2022/04/19 08:28 by 127.0.0.1
You are here: start / security / mitigating_path_traversals_for_web_services / php

Wizardry and Steamworks

© 2025 Wizardry and Steamworks

Access website using Tor Access website using i2p Wizardry and Steamworks PGP Key


For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.