TraversalCheck
trait TraversalCheck
Validates that a filename or path does NOT contain directory traversals in any form.
Methods
bool
hasTraversalorNullByte(string $path)
Check if a file path contains traversals (including encoded traversals) or null bytes.
Details
at line 46
bool
hasTraversalorNullByte(string $path)
Check if a file path contains traversals (including encoded traversals) or null bytes.
Directory traversals are not permitted in Tuskfish method parameters. If a path is found to contain a traversal, it is presumed to be an attack. Encoded traversals are a clear sign of attempted abuse.
In general, untrusted data should never be used to construct a file path. This method exists as a second-line safety measure.
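A sketch of the kind of check described above, as an added example rather than Tuskfish's own code. The function name `looksLikeTraversalOrNullByte()`, the five-round decode bound and the sample paths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-alone check; not the Tuskfish implementation.
function looksLikeTraversalOrNullByte(string $path): bool
{
    // Undo nested percent-encoding (%252e -> %2e -> .), bounded to 5 rounds.
    $decoded = $path;
    for ($i = 0; $i < 5; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    // Still changing after the bound: reject rather than guess.
    if (rawurldecode($decoded) !== $decoded) {
        return true;
    }
    // Null bytes, whether sent raw or percent-encoded.
    if (strpos($decoded, "\0") !== false) {
        return true;
    }
    // Invalid UTF-8 also covers overlong encodings of '.' and '/'.
    if (preg_match('//u', $decoded) !== 1) {
        return true;
    }
    // Treat backslash as a separator, then look for a '..' path segment.
    $segments = explode('/', str_replace('\\', '/', $decoded));
    return in_array('..', $segments, true);
}

// Constructed sample inputs: two benign names, then traversal and null-byte forms.
$samples = [
    'images/logo.png',
    'report..final.pdf',
    '../../etc/passwd',
    '..\\..\\windows\\win.ini',
    '%2e%2e%2fconfig.php',
    '%252e%252e%252fconfig.php',
    "avatar.php\0.png",
    'avatar.php%00.png',
    '%c0%ae%c0%ae/config.php',
];
foreach ($samples as $s) {
    $verdict = looksLikeTraversalOrNullByte($s) ? 'reject' : 'accept';
    printf("%-28s %s\n", addcslashes($s, "\0"), $verdict);
}
```

Matching on whole `..` segments rather than the substring keeps names such as `report..final.pdf` usable. A check like this complements, and does not replace, building paths only from trusted values.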