$path = $_GET['path'];
if (strpos($path, '../') !== false ||
    strpos($path, "..\") !== false ||
    strpos($path, '/..') !== false ||
    strpos($path, '\..') !== false)
{
    // Strange things happening.
}
else
{
    // The request is probably safe.
    if (file_exists(dirname(__FILE__) . DIRECTORY_SEPARATOR . $path))
    {
        // Send the file.
    }
    else
    {
        // Handle the case where the file doesn't exist.
    }
}
I don't see a security problem in the code itself; the main issue is in how the parameter is received:
$path = isset($_GET['path']) ? trim($_GET['path']) : '';
strpos($path,"..\")
should be changed to
strpos($path,"..\\")
If this parameter is also used to delete a target file, a white-hat test could turn it into an arbitrary file deletion vulnerability.
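A more robust way to confine the request than scanning the string for "../" variants, as an added example that is not part of the question or the answer above: canonicalise the path with realpath() and require the result to stay under a fixed base directory. The "files" directory name is an assumption.

```php
<?php
// Added example (not from the original post). Instead of blacklisting
// "../" patterns, resolve the requested path and check that it lies
// inside the allowed base directory.

function resolveSafePath(string $baseDir, string $requested)
{
    // Reject NUL bytes before the path reaches any filesystem call.
    if (strpos($requested, "\0") !== false) {
        return false;
    }
    // realpath() canonicalises "..", ".", repeated separators and symlinks;
    // it returns false when the target does not exist or is not accessible.
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false) {
        return false; // file does not exist
    }
    // The resolved path must start with "<base>/" (prefix plus separator,
    // so that "/srv/files-private" is not accepted for base "/srv/files").
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return false; // escaped the base directory
    }
    return $full;
}

$baseDir = __DIR__ . DIRECTORY_SEPARATOR . 'files'; // assumed location
$path    = isset($_GET['path']) ? trim($_GET['path']) : '';

$file = resolveSafePath($baseDir, $path);
if ($file === false || !is_file($file)) {
    // Handle the case where the file doesn't exist or is outside the base.
    http_response_code(404);
    exit('Not found');
}
// Send the file.
readfile($file);
```

Because realpath() only resolves existing paths, the same check works for delete or overwrite operations on the parameter as long as the base-directory comparison is done before the destructive call.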