If a user was requesting a file on a service, I could normally protect

Question

0

Asked: June 9, 20262026-06-09T15:38:39+00:00 2026-06-09T15:38:39+00:00

If a user was requesting a file on a service, I could normally protect

0

If a user was requesting a file on a service, I could normally protect them from accessing documents outside the scope of what I want by using PHP’s realpath() and ensuring it is under the root directory. Such as like this:

$path = realpath($_GET['path']);
// Protect against LFI vulnerabilities
if (substr($path, 0, strlen($root)) == $root)
{
    // safe
}

However, realpath() only works on files that already exist.
What if I want to ensure that the location the user is about to have my script write to is under the root?

I can’t use realpath(), should I just check and strip out ‘..’ references?
Or is there a better way?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-09T15:38:41+00:00

Editorial Team

2026-06-09T15:38:41+00:00Added an answer on June 9, 2026 at 3:38 pm

How about checking if realpath(dirname($file)) is under the root directory?

$dir = $path;
$found = false;

while ($dir) {
    $dir = dirname($dir);
    if (!is_dir($dir)) {
        continue;
    }

    if (strpos(realpath($dir), $root) === 0) {
        $found = true;
    }

    break;
}

var_dump($found);

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

If a user was requesting a file on a service, I could normally protect

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply