How can I prevent access above root? (by dot dot slash)
I can see all files in the partition.
To test access i wrote this script & added a Go UP link:
<?php
$PartialPath = @$_GET['p']; if(empty($PartialPath)){ $PartialPath = ''; }else{ $PartialPath = "\\".$PartialPath; }
$PartialPath_Root = dirname(__FILE__);
$ScanPath = $PartialPath_Root . $PartialPath;
echo 'Scan: ',$ScanPath,'<br><br>';
$Files_arr = scandir($ScanPath);
foreach ($Files_arr as $file) {
if ('.' === $file){}
else if ('..' === $file){ echo '<a href="?p=',$PartialPath,'../" target="_self">.. GO UP </a><br><br>'; }
else{ echo $file,'<br>'; }
}
?>
unsing @Hamidreza Kalantari answer
I created a filter to detect if path is outside of root:
if(Func_AllowOnlyRootPath($PartialPath) == "1"){
// continue...
}else{
echo '<br>unsecure path - outside root<br>';
//die('Directory Traversal Prevented');
}
echo '<br>PartialPath: ',$PartialPath, '<br>';
function Func_AllowOnlyRootPath($VerifyPath){ if(empty($VerifyPath)){ return "1"; } $real_path=realpath($VerifyPath); if(strpos($real_path, ($_SERVER['DOCUMENT_ROOT']))!==0){ return "0"; } return "1"; }
function Func_AllowOnlyPhpScriptPath($VerifyPath){ if(empty($VerifyPath)){ return "1"; } $real_path=realpath($VerifyPath); if(strpos($real_path, (dirname(__FILE__)))!==0){ return "0"; } return "1"; }
use realpath function to get the actual path(which does not contain any ..), then check if it begins with root or not:
$real_path=realpath($PartialPath);
if(strpos($real_path, $PartialPath_Root)!==0) die('Directory Traversal Prevented');