trait TraversalCheck

Validates that a filename or path does NOT contain directory traversals in any form.

Methods

bool hasTraversalorNullByte(string $path)

Check if a file path contains traversals (including encoded traversals) or null bytes.

Details

at line 46
bool hasTraversalorNullByte(string $path)

Check if a file path contains traversals (including encoded traversals) or null bytes.

Directory traversals are not permitted in Tuskfish method parameters. If a path is found to contain a traversal, it is presumed to be an attack. Encoded traversals are a clear sign of attempted abuse.

In general, untrusted data should never be used to construct a file path. This method exists as a second-line safety measure.

Parameters

string $path

Return Value

bool True if a traversal or null byte is found, otherwise false.
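One way a check of this kind can be written and paired with a primary control, as an added example that is not Tuskfish's own code. The function names `exampleHasTraversalOrNullByte` and `exampleResolveInside`, the five-round decode budget and the `realpath()` containment test are assumptions made for illustration; the page does not describe how the trait is implemented.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not the Tuskfish implementation.
function exampleHasTraversalOrNullByte(string $path): bool
{
    // Decode a bounded number of times so double-encoded input (%252e%252e) is caught.
    $decoded = $path;
    for ($i = 0; $i < 5; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    // Fail closed if the value is still changing after the decode budget.
    if (rawurldecode($decoded) !== $decoded) {
        return true;
    }
    // Null bytes can truncate the path in lower-level file APIs.
    if (strpos($decoded, "\0") !== false) {
        return true;
    }
    // Treat both separators alike, then look for a parent-directory segment.
    $segments = explode('/', str_replace('\\', '/', $decoded));
    return in_array('..', $segments, true);
}

// Assumed primary control: resolve the path and confirm it stays under $baseDir.
function exampleResolveInside(string $baseDir, string $name): ?string
{
    if (exampleHasTraversalOrNullByte($name)) {
        return null; // second-line check: reject before touching the filesystem
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $full === false) {
        return null; // base or target does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sample inputs: two benign names, then plain, encoded and null-byte cases.
$samples = ['report.pdf', 'a..b/file..txt', '../etc/passwd', '..%2fetc', '%252e%252e%255c', "x\0.jpg", '%00'];
foreach ($samples as $s) {
    printf("%-22s %s\n", json_encode($s), exampleHasTraversalOrNullByte($s) ? 'reject' : 'ok');
}
```

Matching whole path segments rather than the substring `..` keeps names such as `file..txt` valid, and the containment test also catches symlinks that a string check cannot see.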

See also