I am using a filemanagement systeem and i want to protect url manipulating when they fill in the url /..
after the url string. In that case, they get out of the root. How can i do that?
Some more information: I have a folder on the webserver in httpdocs
. The path is: httpdocs/filemanagement
In the url you can see: http://example.com/filemanagement/index.php?dir=blablabla
When typing after the blablabla
/..
somebody can see all the folders what are in httpdocs
If you can get access to a previous folder by only typing after the url string /.
or /..
, you can catch them with $_SERVER['QUERY_STRING']
if (basename($_SERVER['QUERY_STRING']) == ".." or basename($_SERVER['QUERY_STRING']) == "." ) {
exit('Not allowed');
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.