Sanitize Path for PHP-Nuke

    // Sanitize Path code from "Beginning PHP 4", ISBN: 1-861003-73-0
    // Provided by http://nukecops.com - IACOJ
    // Code prevents directory traversal, and is best placed in the mainfile.php.
    // USAGE: SanitizePath("../../../../config.php");
    // Returns "config.php" without the path traversal. Simply pass it to an unset variable.
    // Note: ereg_replace() uses POSIX regex; it was deprecated in PHP 5.3 and removed in PHP 7.0.
    function SanitizePath($inpath) {
        // Remove dot runs such as ".."
        $outpath = ereg_replace("\.[\.]+", "", $inpath);
        // Strip leading slashes so the path cannot be absolute
        $outpath = ereg_replace("^[\/]+", "", $outpath);
        // Strip a leading drive specifier such as "C:/"
        $outpath = ereg_replace("^[A-Za-z][:\|][\/]?", "", $outpath);
        return($outpath);
    }

This is a code snippet from the "Beginning PHP 4", ISBN: 1-861003-73-0. This was located by IACOJ and it's something we need to start integrating into the mainfile.php. I'll be passing this or something similar to Francisco. Once this code, or similar, is implemented, developers may start using it in blocks, modules, addons, etc., which would help to prevent directory path traversal.

Posted on Friday, October 31 @ 12:38:46 CET by Zhen-Xjell
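
A different technique from the regex stripping in the post, shown as an added example that is not part of the original post or of PHP-Nuke: canonicalize the requested path with realpath() and accept it only if it stays inside an allowed base directory. The function name resolveInsideBase, the temporary sandbox layout and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not PHP-Nuke code): canonicalize a user-supplied relative path
// and accept it only if the result stays inside $baseDir. The function name,
// sandbox layout and sample inputs are constructed for illustration.
function resolveInsideBase(string $baseDir, string $userPath)
{
    // NUL bytes have no place in a file name; reject them outright.
    if (strpos($userPath, "\0") !== false) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    // realpath() collapses "..", "." and duplicate separators, follows symlinks,
    // and returns false when the target does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false) {
        return false;
    }
    // Compare against "base/" so a sibling like "modules_old" cannot pass
    // a plain prefix test for "modules".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : false;
}

// Constructed sandbox: <tmp>/nuke_demo_*/config.php and .../modules/News/index.php
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'nuke_demo_' . uniqid();
mkdir($root . '/modules/News', 0700, true);
file_put_contents($root . '/config.php', "<?php // constructed placeholder\n");
file_put_contents($root . '/modules/News/index.php', "<?php // constructed placeholder\n");

$samples = [
    'News/index.php',          // ordinary module file
    '../../../../config.php',  // the input from the USAGE comment in the post
    'News/../../config.php',   // traversal after a valid-looking prefix
    '/etc/passwd',             // absolute path
    'News/missing.php',        // file that does not exist
];
foreach ($samples as $p) {
    $r = resolveInsideBase($root . '/modules', $p);
    printf("%-24s => %s\n", $p, $r === false ? 'rejected' : 'allowed');
}
```

Because the check works on the canonical path rather than on the input string, it does not depend on which separator or dot pattern the input used.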

Re: Sanitize Path for PHP-Nuke (Score: 1)
by VinDSL on Friday, October 31 @ 20:24:50 CET
http://www.lenon.com/

Hrm... Interesting... Backslash expressions don't look right though. I assume this is for usage on Windows machines. How about this instead?

    function SanitizePath($inpath)
    {
        $outpath = ereg_replace(".[.]+", "", $inpath);
        $outpath = ereg_replace("^[\ /]+", "", $outpath);
        $outpath = ereg_replace("^[A-Za-z][:|][\ /]?", "", $outpath);
        return($outpath);
    }