Sanitize Path for PHP-Nuke
Security

// Sanitize Path code from "Beginning PHP 4", ISBN: 1-861003-73-0
// Provided by http://nukecops.com - IACOJ
// Code prevents directory traversal, and is best placed in the mainfile.php.
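// USAGE: SanitizePath("../../../../config.php");
//              Returns "config.php" without the path traversal.  Simply pass it to an unset variable.

function SanitizePath($inpath) {
         // Remove any run of two or more dots ("..", "...", and so on)
         $outpath = ereg_replace("\.[\.]+", "", $inpath);
         // Remove leading slashes and backslashes
         $outpath = ereg_replace("^[\/]+", "", $outpath);
         // Remove a leading drive prefix such as "C:" or "C|" and an optional separator after it
         $outpath = ereg_replace("^[A-Za-z][:\|][\/]?", "", $outpath);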
         return($outpath);
}


This is a code snippet from "Beginning PHP 4", ISBN: 1-861003-73-0. It was located by IACOJ, and it's something we need to start integrating into the mainfile.php. I'll be passing this or something similar to Francisco. Once this code, or something similar, is implemented, developers may start using it in blocks, modules, addons, etc., which would help to prevent directory path traversal.
Posted on Friday, October 31 @ 12:38:46 CET by Zhen-Xjell
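
A complementary check, as an added example that is not part of the original post, the book, or PHP-Nuke: rather than stripping characters, it resolves the requested path with realpath() and accepts it only if the result stays under a base directory. The function name resolveInside(), the temporary directory layout and the file names are assumptions made for the demonstration.

```php
<?php
// Added example; resolveInside() and the sample layout are hypothetical.

// Return the canonical path of $userPath under $baseDir, or null when the
// target does not exist or resolves to somewhere outside $baseDir.
function resolveInside(string $baseDir, string $userPath): ?string
{
    // NUL bytes never belong in a file name.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and duplicate separators, follows symlinks.
    $full = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($full === false) {
        return null;
    }
    // Trailing separator so "/base-other" is not accepted for "/base".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sanitize_demo_' . getmypid();
mkdir($root . '/modules/News', 0700, true);
file_put_contents($root . '/config.php', "<?php // constructed\n");
file_put_contents($root . '/modules/News/index.php', "<?php // constructed\n");

$inputs = ['News/index.php', '../config.php', 'News/../../config.php', '../../../../config.php'];
foreach ($inputs as $in) {
    $ok = resolveInside($root . '/modules', $in) !== null;
    printf("%-24s => %s\n", $in, $ok ? 'allowed' : 'rejected');
}

// Remove the constructed files again.
unlink($root . '/modules/News/index.php');
unlink($root . '/config.php');
rmdir($root . '/modules/News');
rmdir($root . '/modules');
rmdir($root);
```

Because the comparison is made on the canonical path, the result does not depend on how the traversal sequence was spelled in the input.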
 

Re: Sanitize Path for PHP-Nuke (Score: 1)
by Vchat20 on Friday, October 31 @ 14:06:50 CET
http://www.pokeradio.com/
Sorry for acting like a newb, but exactly what does this do? In English plz.



Re: Sanitize Path for PHP-Nuke (Score: 1)
by VinDSL on Friday, October 31 @ 20:24:50 CET
http://www.lenon.com/
Hrm... Interesting... Backslash expressions don't look right though. I assume this is for usage on Windows machines. How about this instead?

function SanitizePath($inpath)
{
$outpath = ereg_replace(".[.]+", "", $inpath);
$outpath = ereg_replace("^[\ /]+", "", $outpath);
$outpath = ereg_replace("^[A-Za-z][:|][\ /]?", "", $outpath);
return($outpath);
}



Re: Sanitize Path for PHP-Nuke (Score: 1)
by chris-au on Friday, October 31 @ 23:05:30 CET
http://sengers-au.com
Wonder what it is supposed to do and where to start that function from.

