Hello everyone, I’m developing a photo sharing web site using the CodeIgniter PHP framework. The idea is that people could upload their photos, manage them (through some sort of file browser which allows them to create subfolders, drag files around, etc) and edit them (some basic things like resizing, rotating and cropping to start with, and later on, I’ll add some advanced features).

I’ve already implemented a third party authentication solution for CI (Redux Authentication 2 Beta) and I’m now integrating a JS/PHP file manager (AjaxExplorer), but the problem is that the PHP backend for managing files (moving, copying, etc) is trusting too much on the user input from the ajax calls. For instance, it’s doing things like this (simplified for the sake of clarity):

move_uploaded_file($_FILES['upload']['tmp_name'], $root.$username.$_POST['destination_dir']); 

As you can see, there are obvious security concerns as it blindly accepts whatever path the user throws in! I can already see someone sending something like ‘../AnotherUser/’ as the $_POST[‘destination_dir’] value.

My question is: What’s the best way to ‘sandbox’ a user, in order to only allow him to manage his own data? Do I just validate+filter the inputs, hoping to catch every attempt of intrusion? Are there any libraries/packages dedicated to address this specific issue?

I think this problem must be somehow solved in any (mature enough) project, which gives its users the power of managing their files through a web browser, so I expected to find some clear guidelines around this (as there are a lot about SQL Injection, XSS, CSRF, etc) but I guess I’m not using the right keywords.