php - How to safely create files based on session id -


here problem: want make html form allow users upload images webserver. when user uploads files, want create directory him files uploaded to.

so user can delete files later on, thought should name directory user session id...

so here concern: have chrome plugin 'editthiscookie' , can change phpsessid this:

'../test' or string want.

of course can remove unwanted characters before create directory, new php , wanted know if there best practices on how correctly?

update: how right now. ok?

if(! preg_match('/^[0-9a-za-z]+$/', session_id())){     session_regenerate_id(); } 

it's fine use session cookie value this.

but people safe session id remote address (ip) of user , validate it, request needs have correct session cookie value , remote address.

this way there won't unwanted/unvalidated cookie values written disk , no abuse through cookie manipulation.


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -