Take ../ etc. out of filenames

Anon

Is there a function to make sure filenames are in a certain folder?

eg. I pass a variable over from a form, such as 2.dat and then it opens "/data/2.dat" but I need to make sure people aren't running ../somefile.php through, causing it to open /data/../somefile.php (therefore opening /somefile.php). I know I can manually take out /'s, but is there not a set way of making sure the file is inside a certain folder?

Thanks,

Danny

ps. I don't suppose anyone knows where I can get an MD5 encryption routine for JavaScript (so my passwords are encrypted before being sent to the server... sounds a little more secure than sending them in plaintext!)

jcleary

you could use explode() and then read the last element, or you could check that the string started with "/you/dir/", or you could a list of valid .php files into a database and just pass the id.

John

Anon

Yeh, I can do stuff like that, I just thought there may be a set way to stop people putting ../'s and stuff in.

Thanks,

Danny