C validating filename

Absolute or relative path names may contain file links such as symbolic (soft) links, hard links, shortcuts, shadows, aliases, and junctions. These file links must be fully resolved before any file validation operations are performed. In this case, considered to be under your control as well. The alternative validation via HTTP or CNAME may take up to 1 hour.

While the canonical path name is being validated, the file system may have been modified and the canonical path name may no longer reference the original valid file. Furthermore, the textual representation of a path name may yield little or no information regarding the directory or file to which it refers. Consequently, all path names must be fully resolved or canonicalized before validation. Fortunately, this race condition can be easily mitigated.

A path name that is a secure path is immune to race windows and other attempts by an untrusted user to confuse the program. See "Do not operate on files that can be modified by untrusted users" for more information on secure paths.

Furthermore, canonicalization is performed after the file has been verified to live in a secure path.

    is_secure_path($filename);
    $filename = abs_path($filename);
    croak "Invalid path" if !
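The canonicalize-then-validate order described above, as an added C example that is not code from the original page. The names path_is_within and demo are hypothetical, the scratch tree under /tmp is constructed, and the secure-path check is assumed to have been done separately.

```c
#define _XOPEN_SOURCE 700   /* realpath(), mkdtemp(), symlink() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path, once links and ".." are resolved, lies inside base_dir; else 0. */
int path_is_within(const char *base_dir, const char *path) {
    char *base = realpath(base_dir, NULL);   /* canonicalize both sides */
    char *canon = realpath(path, NULL);      /* NULL on any resolution error */
    int ok = 0;
    if (base && canon) {
        size_t n = strlen(base);
        /* Match must end on a '/' so "allowed" does not admit "allowed_old". */
        ok = strncmp(canon, base, n) == 0 && canon[n] == '/';
    }
    free(base);
    free(canon);
    return ok;
}

/* Constructed fixture: scratch tree under /tmp, one verdict per test path. */
int demo(int out[4]) {
    char root[] = "/tmp/canon_demo_XXXXXX";
    const char *files[] = {"allowed/ok.txt", "allowed_old/x.txt", "secret.txt"};
    if (!mkdtemp(root) || chdir(root) != 0) return -1;
    if (mkdir("allowed", 0700) || mkdir("allowed_old", 0700)) return -1;
    for (int i = 0; i < 3; i++) {
        FILE *f = fopen(files[i], "w");
        if (!f || fclose(f) != 0) return -1;
    }
    if (symlink("../secret.txt", "allowed/link") != 0) return -1;
    out[0] = path_is_within("allowed", "allowed/ok.txt");         /* inside */
    out[1] = path_is_within("allowed", "allowed/link");           /* link leaves */
    out[2] = path_is_within("allowed", "allowed/../secret.txt");  /* ".." leaves */
    out[3] = path_is_within("allowed", "allowed_old/x.txt");      /* sibling dir */
    unlink("allowed/link");
    for (int i = 0; i < 3; i++) unlink(files[i]);
    rmdir("allowed");
    rmdir("allowed_old");
    return chdir("/") != 0 ? -1 : rmdir(root);
}

int main(void) {
    int r[4];
    if (demo(r) != 0) return 1;
    printf("%d %d %d %d\n", r[0], r[1], r[2], r[3]);
    return 0;
}
```

The verdict reflects the file system at the moment of the call, so it can be relied on only when the path is a secure path in the sense described above.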