traversing directories with php?
-
20-06-2021 - |
Question
I have a path to a folder (e.g. /var/www/tester/assets/themes/default/css/
).
a user can provide a relative path to the folder, so for example. layout/ie7.css
would give the path of /var/www/tester/assets/themes/default/css/layout/ie7.css
.
This works fine, however I want the users to be able to navigate up the directory tree as well.
so with the path to the css folder again if a user provides ../../cache/css/ie7.css
I want the path to end up as /var/www/tester/assets/themes/default/cache/css/ie7.css
.
I thought I could just pass them together to realpath() e.g:
$base = '/var/www/tester/assets/themes/default/css/';
$user_path = '../../cache/css/ie7.css';
$final_path = realpath($base.$user_path);
But that just returns false. How can I do this?
Solution
first of all the real path function also checks whether the given path exists... Are you sure your path exists???
/var/www/tester/assets/themes/default/css/../../cache/css/ie7.css
would not end up in
/var/www/tester/assets/themes/default/cache/css/ie7.css
as you suggest but it ends up in
/var/www/tester/assets/themes/cache/css/ie7.css
Does this folder with the given file exist?
OTHER TIPS
Just don't. There is nothing wrong with a path like /var/www/tester/assets/themes/default/css/../../cache/css/ie7.css
. It works on all OSes and browsers.
Note: are you aware that you might be creating a security risk here? What if users provide ../../../../../../../etc/passwd
?