I want to check if a file path is in the current directory tree.
Suppose the parameter is given as js/script.js. My working directory (WD) is /home/user1/public_html/site
Now, for the current WD, if someone supplies js/script.js I can simply check it by appending it to the WD. It works for such normal paths. But if anyone (maybe an attacker) wants to pass ../../../../etc/password, it’d be a problem.
I know it can be suppressed by removing the .. characters using some RegEx. And that will solve it for sure. But I want to know how I can create some sort of chrooted environment so that whatever path/to/script is passed, it will be searched under WD?
Edit:
I am aware of http://php.net/chroot. It requires your app to run with root privileges.
http://php.net/manual/en/function.realpath.php
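
One way to apply the realpath() function linked above to this check, as an added example that is not part of the original post. The helper name resolve_within() and the temporary directory tree are assumptions made for the illustration; the tree is constructed so the script runs on its own.

```php
<?php
declare(strict_types=1);

/**
 * Resolve $userPath against $baseDir and return the canonical path only if
 * it stays inside $baseDir; otherwise return null.
 * resolve_within() is a hypothetical helper name, not a PHP built-in.
 */
function resolve_within(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($userPath, "\0") !== false) {
        return null; // unusable base directory, or NUL byte in the input
    }
    // realpath() collapses "..", "." and symlinks, and returns false
    // when the target does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false) {
        return null;
    }
    // Compare against the base plus a trailing separator, so that a sibling
    // such as "/site-backup" is not accepted as being under "/site".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed sample tree under the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wd_demo_' . bin2hex(random_bytes(4));
mkdir("$root/site/js", 0700, true);
mkdir("$root/site-backup", 0700, true);
file_put_contents("$root/site/js/script.js", "// demo\n");
file_put_contents("$root/site-backup/secret.txt", "demo\n");

$wd = "$root/site"; // stands in for the working directory from the question
$inputs = ['js/script.js', 'js/../js/script.js', '../../../../etc/password',
           '../site-backup/secret.txt', 'js/missing.js'];
foreach ($inputs as $p) {
    $r = resolve_within($wd, $p);
    printf("%-28s => %s\n", $p, $r === null ? 'rejected' : 'allowed');
}
```

Only the first two inputs are allowed. Because realpath() needs the target to exist, this form suits reading existing files; validating a path for a file that is about to be created needs the parent directory resolved instead.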