Re: [PHP] file_exists



Instruct ICC wrote:
No, you've missed the point. $expecteddir is a fixed variable that you, the script author, specify. It does not contain anything coming from external variables. You then compare the full path you build from the external variables to $expecteddir to verify that the file is in the right directory.

I suggest you read the code I posted again.

-Stut
I meant if $page evaluates to "/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php"
which it does not.

However I don't think your if (substr($page, 0, strlen($expecteddir)) != $expecteddir)
ever evaluates to TRUE. So you'll never get Access denied.

So how you set $page saved your ass. Good job.
You clearly don't know what the realpath function does. Look it up.

-Stut

No I didn't. And I looked it up for the previous reply. And I said that's the only thing saving your ass.

Your IF never evaluates to true.

But it works to keep out the hacker. So I said "Good job".

My server is down right now so I can't do my usual example script.

The realpath function will reduce your definition of $page to "/home/evil-user-home-dir/evil-payload.php"

$expecteddir is set to "/home/stut/phpstuff/inc"

The if takes the first strlen($expecteddir) characters of the reduced $page and compares it to $expecteddir.

If they don't match then it means the requested file is outside your "safe" directory, hence access denied. If they do match then it's safe to include the file.

-Stut

--
http://stut.net/
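The realpath() plus prefix check Stut describes, written out as an added example (not code from the thread); $baseDir, $requested and the temp-directory layout are assumptions for the demo. It goes one step beyond the thread's version by appending a trailing separator to the prefix, so a sibling directory whose name merely starts with "inc" cannot pass the comparison.

```php
<?php
// Added example, not code from the thread. resolve_include() returns the
// resolved path of a file inside $baseDir, or null when the request must
// be denied. $baseDir, $requested and the demo files are assumptions.

function resolve_include(string $baseDir, string $requested): ?string
{
    // Fixed, script-author-controlled directory; realpath() normalises it too.
    $expectedDir = realpath($baseDir);
    if ($expectedDir === false) {
        return null; // base directory itself does not exist
    }

    // Build the full path from the untrusted value and collapse any
    // "../" segments and symlinks. realpath() returns false when the
    // file does not exist, so this doubles as the file_exists() test.
    $page = realpath($expectedDir . DIRECTORY_SEPARATOR . $requested);
    if ($page === false) {
        return null;
    }

    // Compare the resolved path against the safe directory. The trailing
    // separator is added so that a sibling such as "inc-old/" does not
    // share the bare prefix "inc" and slip through.
    $prefix = $expectedDir . DIRECTORY_SEPARATOR;
    if (substr($page, 0, strlen($prefix)) !== $prefix) {
        return null; // outside the safe directory: access denied
    }
    return $page;
}

// Constructed demo layout in a temp directory.
$root = sys_get_temp_dir() . '/incdemo_' . getmypid();
mkdir("$root/inc", 0700, true);
mkdir("$root/inc-old", 0700, true);
file_put_contents("$root/inc/about.php", "<?php echo 'about';");
file_put_contents("$root/inc-old/stale.php", "<?php echo 'stale';");
file_put_contents("$root/evil-payload.php", "<?php echo 'evil';");

var_dump(resolve_include("$root/inc", 'about.php'));            // string: .../inc/about.php
var_dump(resolve_include("$root/inc", '../evil-payload.php'));  // NULL: resolves outside inc
var_dump(resolve_include("$root/inc", '../inc-old/stale.php')); // NULL: sibling dir, prefix mismatch
var_dump(resolve_include("$root/inc", 'missing.php'));          // NULL: realpath() returned false

// Remove the constructed files again.
foreach (["$root/inc/about.php", "$root/inc-old/stale.php", "$root/evil-payload.php"] as $f) { unlink($f); }
rmdir("$root/inc"); rmdir("$root/inc-old"); rmdir($root);
```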