C validating filename
While the canonical path name is being validated, the file system may have been modified and the canonical path name may no longer reference the original valid file. Furthermore, the textual representation of a path name may yield little or no information regarding the directory or file to which it refers. Consequently, all path names must be fully resolved or canonicalized before validation. Fortunately, this race condition can be easily mitigated.
A path name that is a secure path is immune to race windows and other attempts by an untrusted user to confuse the program. See "Do not operate on files that can be modified by untrusted users" for more information on secure paths.
Furthermore, canonicalization is performed after the file has been verified to live in a secure path.

    is_secure_path( $filename);
    $filename = abs_path( $filename);
    croak "Invalid path" if !
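The ordering described above (secure-path check, then canonicalization, then validation), written out as an added example that is not the original page's code. The `is_secure_path` body here is a simplified, hypothetical stand-in that rejects symbolic links outright, and `checked_path` and its base-directory policy are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Carp qw(croak);
use Cwd qw(abs_path);
use File::Spec;
use Fcntl qw(:mode);

# Hypothetical helper: every component from the root down to the file must
# be owned by root or by the effective user, and must not be writable by
# group or others. Symbolic links are rejected to keep the check short.
sub is_secure_path {
    my ($path) = @_;
    my (undef, $dirs, $file) =
        File::Spec->splitpath(File::Spec->rel2abs($path));
    my @parts = grep { length } File::Spec->splitdir($dirs), $file;
    my $cur = File::Spec->rootdir;
    for my $part ('', @parts) {                  # '' checks the root itself
        $cur = File::Spec->catfile($cur, $part) if length $part;
        my @st = lstat $cur or return 0;         # component does not exist
        return 0 if S_ISLNK($st[2]);             # symlink in the chain
        return 0 if $st[4] != 0 && $st[4] != $>; # owned by someone else
        return 0 if $st[2] & (S_IWGRP | S_IWOTH);
    }
    return 1;
}

# Assumed policy: the file must live beneath $base. Returns the canonical
# path, or croaks.
sub checked_path {
    my ($filename, $base) = @_;

    # 1. Secure-path check first: untrusted users cannot alter the chain,
    #    so nothing can change between the steps that follow.
    croak "Not a secure path" if !is_secure_path($filename);

    # 2. Canonicalize: resolves "." and ".." components.
    my $canon      = abs_path($filename);
    my $canon_base = abs_path($base);
    croak "Cannot resolve path"
        if !defined $canon || !defined $canon_base;

    # 3. Validate the canonical form, not the text the caller supplied.
    croak "Invalid path" if $canon !~ m{^\Q$canon_base\E/};
    return $canon;
}

if (@ARGV == 2) {
    my $path = eval { checked_path(@ARGV) };
    print defined $path ? "OK: $path\n" : "Rejected: $@";
}
```

A file under a world-writable directory such as `/tmp` fails the first step, so it is rejected before canonicalization is attempted.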