Mega Code Archive
Cleaning up a file name with realpath()
<![CDATA[
$filename = realpath("/usr/local/data/$_POST[user]");
if ('/usr/local/data/' == substr($filename, 0, 16)) {
print 'User profile for ' . htmlentities($_POST['user']) .': <br/>';
print file_get_contents($filename);
} else {
print "Invalid user entered.";
}
]]>