I have an application that let users export files from a custom template filled with some data, and right now they can choose the location it will save to. If the file already exists, it will either overwrite it or generate a new name according to their preference.

Whatever folder / file name it will export to and whether it will overwrite the file if it exists or not is stored in a config file the user creates and saves. Then all he does is run this file, and the application will start gathering data and exporting these files.

So the danger is that I could send you a config file that saves to the C drive and all you’d need to do is open it and run it and it could overwrite files you have on your C drive if they happen to have the same name. What I’m considering doing is having the user select a folder where to save files, and store this preference not in the config file but save it as a user preference, so if I give you a config file, this file will export to whatever folder you’ve chose to export to. The config file would determine the file name, though.

Is easy to force them to enter only valid file characters as a file name (which would exclude the \ character), but I would like to allow them to enter a sub folder and file name instead of only a file name in the config file so they can better organize their exported files. But if I do, they could enter something like ..\..\something_important.exe, which would save outside the folder the user has defined for his exports. How would you ensure they can enter a path like \sub\subsub\myfile.txt but not like ..\..\myfile.txt. Would it be enough to ensure there are no ..\ strings in the path? Is there any other code like ..\ that could let them navigate up the folder tree?