PHP - How to safely create files based on session id


Here is my problem: I want to make an HTML form to allow users to upload images to my webserver. When a user uploads files, I want to create a directory for him that the files are uploaded to.

So that the user can delete the files later on, I thought I should name the directory after the user's session id...

So here is my concern: I have a Chrome plugin, 'EditThisCookie', and I can change the PHPSESSID to this:

'../test' or any string I want.

Of course I can remove unwanted characters before I create the directory, but I am new to PHP and wanted to know if there are best practices on how to do this correctly?

Update: this is how I do it right now. Is this ok?

if (!preg_match('/^[0-9a-zA-Z]+$/', session_id())) { session_regenerate_id(); }

It's fine to use the session cookie value like this.

But people save the session id with the remote address (IP) of the user and validate it, so the request needs to have the correct session cookie value and remote address.

This way there won't be unwanted/unvalidated cookie values written to disk, and no abuse through cookie manipulation.
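
One way to keep the raw cookie value off the filesystem entirely, as an added example that is not part of the original question or answer: validate the id against the characters PHP generates, hash it for the directory name, and confirm the resolved path stays inside the upload root. The function name `upload_dir_for_session`, the `uploads_demo` base directory and the sample ids are assumptions made up for the demo.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): map a session id to a
// per-user upload directory without using the raw cookie value as a path.
function upload_dir_for_session(string $baseDir, string $sessionId): string
{
    // Accept only the characters PHP itself generates for session ids
    // (0-9, a-z, A-Z, "-" and ","); a value such as '../test' fails here.
    if (!preg_match('/^[0-9A-Za-z,-]{22,256}$/', $sessionId)) {
        throw new InvalidArgumentException('malformed session id');
    }

    // Hash the id: the directory name becomes fixed-length hex, and the
    // session id itself does not appear in directory listings or backups.
    $dir = $baseDir . DIRECTORY_SEPARATOR . hash('sha256', $sessionId);

    if (!is_dir($dir) && !mkdir($dir, 0700) && !is_dir($dir)) {
        throw new RuntimeException('cannot create upload directory');
    }

    // Defence in depth: the resolved path must still be inside $baseDir.
    $realBase = realpath($baseDir);
    $realDir  = realpath($dir);
    if ($realBase === false || $realDir === false
        || strncmp($realDir, $realBase . DIRECTORY_SEPARATOR, strlen($realBase) + 1) !== 0) {
        throw new RuntimeException('upload directory escapes base');
    }
    return $realDir;
}

// Constructed demo input. In a web request, call session_start() with
// session.use_strict_mode=1 and pass session_id() instead.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo';
if (!is_dir($base)) {
    mkdir($base, 0700, true);
}
foreach (['k3v9q2m8r1t6y0u4w7z5x1c3b8', '../test'] as $sid) {
    try {
        echo upload_dir_for_session($base, $sid), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($sid, true), PHP_EOL;
    }
}
```

With `session.use_strict_mode` enabled, PHP also refuses session ids it did not issue, so a hand-edited PHPSESSID is replaced with a fresh id before `session_id()` is read.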

