stackoom
  简体   繁体   中英

How to protect url manipulating with /.. in php

 原文  2019-01-14 16:43:17       php/ url/ protection

Question

I am using a filemanagement systeem and i want to protect url manipulating when they fill in the url /.. after the url string. In that case, they get out of the root. How can i do that?

Some more information: I have a folder on the webserver in httpdocs . The path is: httpdocs/filemanagement In the url you can see: http://example.com/filemanagement/index.php?dir=blablabla When typing after the blablabla /.. somebody can see all the folders what are in httpdocs

1 answers

solution1
 0  2019-01-14 23:55:44

If you can get access to a previous folder by only typing after the url string /. or /.. , you can catch them with $_SERVER['QUERY_STRING']

if (basename($_SERVER['QUERY_STRING']) == ".." or basename($_SERVER['QUERY_STRING']) == "." )  {

    exit('Not allowed');
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to protect an ID in the url with php? How to Protect PHP Url From Direct Accessing? How to protect access to a url? how to protect url string which is created by GET in php PHP - How to protect the URL after logging in from copy paste how to protect POST data in PHP that can be manipulated in the url how to protect inputfield with php How to protect a class in PHP How to protect PHPSESSID in php? How to protect a template locking it to a url
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM