0

I currently trying to prevent people from deleting files from the root and the upper directories, but have searched everywhere and I can't find how to use the "in" operator.

This my expecting code:

$filename = $_GET['name'];

if("../" in $filename) {die("Error: No Permmission to delete the file.");}

unlink('./uploads/'.$_GET['name']);
NoobAtProgramming
  • 3
  • 3
  • Thats because `in` does not exist, at least not to my knowledge, but you can convince yourself: [List of Keywords](https://www.php.net/manual/en/reserved.keywords.php) What you seem to be searching is something like this: [How do I check if a string contains a specific word?](https://stackoverflow.com/questions/4366730/how-do-i-check-if-a-string-contains-a-specific-word) – Definitely not Rafal Apr 01 '22 at 05:24

1 Answers1

0

You can use str_contains() for this purpose.The str_contains() function checks whether the string (parameter #1) contains the second string. Try some thing like if you are using php 8

  if(str_contains($filename, '../'))
     {
      die("Error: No Permmission to delete the file.");
     }
     unlink('./uploads/'.$_GET['name']);

If PHP V less then 8

    if (strpos($filename, '../') !== false) 
     {
      die("Error: No Permmission to delete the file.");
     }
Aqib Javed
  • 935
  • 1
  • 5
  • 15