realpath() will let you convert any path that may contain relative information into an absolute path. You can then ensure that path is under a certain subdirectory that you want to allow downloads from.
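One way to apply this check, as an added example that is not code from the original answer. The function name resolveDownloadPath and the temporary directory layout are made up for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied file name against $baseDir and return the
 * canonical path only if it stays inside $baseDir; otherwise null.
 * (Hypothetical helper written for this example.)
 */
function resolveDownloadPath(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory missing or unreadable
    }
    // realpath() collapses "..", "." and symlinks; it returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling such
    // as "downloads-private" does not pass as a child of "downloads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rp_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/downloads/docs', 0700, true);
mkdir($root . '/downloads-private', 0700, true);
file_put_contents($root . '/downloads/docs/report.pdf', 'ok');
file_put_contents($root . '/downloads-private/keys.txt', 'secret');
file_put_contents($root . '/config.ini', 'secret');

// Constructed request values: two legitimate, three that must be refused.
$cases = [
    'docs/report.pdf',
    'docs/../docs/report.pdf',
    '../config.ini',
    '../downloads-private/keys.txt',
    'docs/missing.pdf',
];
foreach ($cases as $name) {
    $path = resolveDownloadPath($root . '/downloads', $name);
    printf("%-32s %s\n", $name, $path === null ? 'rejected' : 'allowed');
}
```

Serve the file from the returned canonical path rather than from the original request string, so the path that was checked is the path that is opened.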