Directory above designated root dir

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
A few of my customers have access to a simplified web-based ftp client to
their relative root directories, all sub[sub]dirs of my main domain root.

Most of the code in my ftp class seems pretty
efficient, easy to maintain, and elegant at times. Somehow I keep fighting
with one issue:

When a user attempts to change dirs (they only can do so via the provided
method of my ftp class, they never 'see' the actual connection resource) I
have to check whether the desired new directory is *):

1. a valid directory
2. can be reached from the current working directory (or has a full path)
3. is not above their root directory  

*) As long as user doesn't fiddle with POST vars I'll never come across
that bridge, but hey, you shouldn't trust user data, ever.

I am particularly unhappy about my implementation of test 3. I end
up doing a lot of str_len() compares on target and root strings, testing
whether one is a substr of the other and vice versa, and all that results
in a yes or no on the big question. It works, but it's Ugly, and probably

Somehow I am *sure* this is a silly way of going about it. Yet each new
attempt I keep ending up with something similar. Call it tunnelvision or
one-man-group-think. Had it before, and seen it with others. Something
human,I suppose.

Does anyone have a simple, elegant solution for this common test, whether
or not a dir is above or under another dir?

Thanks in advance for your help,


Re: Directory above designated root dir

On Fri, 27 Apr 2007 21:29:45 +0200, Schraalhans Keukenmeester wrote:

Quoted text here. Click to load it

Think I've seen the light. New solution:

public function ChangeDir ($targetdir) {
  // $this->real_user_ftp_root = '/var/www/clients/mydomain/users/foo';
  if ($targetdir != '/') {
    $targetdir = $this->GetCurrentDir().'/'.$targetdir;
  else {
  $target_real_dir = realpath($this->real_user_ftp_root.'/'.$targetdir);
  if (str_str($target_real_dir, $this->real_user_ftp_root)===false) {
    trigger_error ("$targetdir is not in the allowed path",E_USER_NOTICE);  
    return false;
  if (!ftp_chdir($targetdir,$this->connection)) {
    trigger_error ("Unable to change to $targetdir,E_USER_NOTICE);  
    return false;
  return true;
Not ideal, but way better than what I had before. Thanks, me!
Comments welcome, of course.


Site Timeline