PHP Snippet #01
This challenge covers the review of a snippet of code written in PHP.

In this challenge, we examine a PHP function named list_files_for_user that takes a username as a parameter. The function creates a base directory named "files/username" if it doesn't already exist and then returns a list of files in that directory, excluding the current and parent directory references. However, the code is vulnerable to directory traversal attacks because it concatenates the username directly into the path without validation.

If an attacker supplies a malicious username such as ../../../etc, the resulting path escapes the intended base directory, so they could potentially traverse directories and read sensitive files, like those in the /etc directory. To mitigate this risk, the developer should use the basename function to sanitize the username and strip any directory traversal sequences before concatenating it with the directory path "files/". This ensures that only a plain filename is used, preventing unauthorized directory access.
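As an added illustration (not the challenge's original snippet), the vulnerable shape described above next to a hardened version that applies basename before building the path. The constant name, the safe_username helper and the extra rejection of names that basename leaves unchanged but unusable ('', '.', '..') are assumptions added here, since basename('..') still returns '..'.

```php
<?php
// Added example, not the challenge's own code. FILES_ROOT, safe_username()
// and the checks beyond basename() are assumptions for this illustration.

const FILES_ROOT = 'files/';

// Vulnerable form (kept on purpose): the username is concatenated into the
// path unvalidated, so a value like "../../../etc" escapes FILES_ROOT.
function list_files_for_user_vulnerable(string $username): array
{
    $dir = FILES_ROOT . $username;
    if (!is_dir($dir)) {
        mkdir($dir, 0750, true);
    }
    // Drop the "." and ".." entries that scandir() always returns.
    return array_values(array_diff(scandir($dir), ['.', '..']));
}

// Reduce the username to a single path component with basename(), then
// refuse anything basename() had to change (it contained a separator) and
// the names that are legal path components but not valid usernames.
function safe_username(string $username): ?string
{
    $base = basename($username);
    if ($base === '' || $base === '.' || $base === '..' || $base !== $username) {
        return null; // traversal sequence, separator, or empty/dot name
    }
    return $base;
}

// Hardened form: only a sanitized, single-component name reaches the path.
function list_files_for_user(string $username): array
{
    $safe = safe_username($username);
    if ($safe === null) {
        throw new InvalidArgumentException('invalid username');
    }
    $dir = FILES_ROOT . $safe;
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('could not create user directory');
    }
    return array_values(array_diff(scandir($dir), ['.', '..']));
}

// Constructed inputs: a normal name is accepted, a traversal attempt is not.
var_dump(safe_username('alice'));
var_dump(safe_username('../../../etc'));
```

Rejecting usernames that basename had to alter, rather than silently using the stripped value, also makes the traversal attempt visible in application logs instead of quietly mapping it to an unexpected user directory.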