I want to test if a path given by the user go down like:

Question

0

Editorial Team

Asked: May 25, 20262026-05-25T18:35:55+00:00 2026-05-25T18:35:55+00:00

I want to test if a path given by the user go down like:

0

I want to test if a path given by the user go down like:

my/down/path

at the opposite of:

this/path/../../go/up

for security reasons.

I already made this:

return (bool)preg_match('#^([a-z0-9_-])+(\/[a-z0-9_-])*$#i', $fieldValue);

But the user should be allowed to use the '.' in his path (like: my/./path, that not useful but he can) and I don’t know how to consider it.

I’m then looking for a secure regex to check this.

Thanks

edit: After viewing answers, yes it would be fine if the test check if the real path (removing '.' and '..') is a down path.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T18:35:56+00:00

You probably do not want to check that a path doesn’t contain .. but instead want to check that if evaluated as whole, it doesn’t go up. E.g. ./path/.. is still in ., even though it contains ...

You can find an implementation of path depth validation in Twig:

$parts = preg_split('#[\\\\/]+#', $name);
$level = 0;
foreach ($parts as $part) {
    if ('..' === $part) {
        --$level;
    } elseif ('.' !== $part) {
        ++$level;
    }

    if ($level < 0) {
        return false;
    }
}

return true;

Twig does not use realpath for the validation, because realpath has issues with paths in Phar archives. Additionally realpath only works if the pathname already exists.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I want to test if a path given by the user go down like:

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply