by toolate, 5706 days ago
You might be better off getting the canonical path and then checking against a whitelist. E.g. `strpos(realpath($command_path), '/var/www/html/') === 0`.
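
The check suggested in the comment above, expanded into an added example that is not part of the original comment: the function name `path_is_allowed` is hypothetical, and a constructed temp-directory layout stands in for `/var/www/html/`. It assumes a POSIX system where `symlink()` is available.

```php
<?php
// Added example: allow-list check on the canonical path (names are hypothetical).
function path_is_allowed(string $path, array $allowedRoots): bool
{
    $real = realpath($path);          // resolves symlinks, "." and ".."; false if missing
    if ($real === false) {
        return false;                 // fail closed on nonexistent or unreadable paths
    }
    foreach ($allowedRoots as $root) {
        $realRoot = realpath($root);  // canonicalize the root too (it may itself be a symlink)
        if ($realRoot === false) {
            continue;
        }
        // Compare with a trailing separator so html-old does not match html.
        $prefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed layout in a temp directory, standing in for /var/www/html.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'allowlist_demo_' . getmypid();
$root = $base . '/html';
mkdir($root . '/bin', 0700, true);
mkdir($base . '/html-old', 0700, true);
touch($root . '/bin/report.sh');
touch($base . '/html-old/report.sh');
touch($base . '/outside.sh');
symlink($base . '/outside.sh', $root . '/bin/link.sh');

$cases = [
    $root . '/bin/report.sh'        => true,   // inside the root
    $root . '/bin/../../outside.sh' => false,  // ".." climbs out of the root
    $root . '/bin/link.sh'          => false,  // symlink resolves outside the root
    $base . '/html-old/report.sh'   => false,  // sibling sharing the name prefix
    $root . '/bin/missing.sh'       => false,  // realpath() returns false
];
foreach ($cases as $candidate => $expected) {
    $got = path_is_allowed($candidate, [$root]);
    printf("%-5s %s\n", $got === $expected ? 'ok' : 'FAIL', $candidate);
}
```

After the check passes, hand the canonical path from `realpath()` to whatever runs the command, not the original string, so the value that was checked is the value that is used.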