Are there any potential security risks associated with the file handling in the PHP code provided?

The provided PHP code is vulnerable to directory traversal attacks, as it directly concatenates user input ($_GET['file']) with the file path without proper validation. To mitigate this security risk, it is essential to sanitize and validate the user input before using it to access files on the server.

&lt;?php
// Sanitize and validate the user input
$file = isset($_GET[&#039;file&#039;]) ? basename($_GET[&#039;file&#039;]) : &#039;default-file.txt&#039;;
$filepath = &#039;uploads/&#039; . $file;

// Check if the file exists before accessing it
if (file_exists($filepath)) {
    // Process the file
    $fileContent = file_get_contents($filepath);
    echo $fileContent;
} else {
    echo &#039;File not found&#039;;
}
?&gt;

Keywords

file handling security risks PHP code vulnerabilities error handling

Are there any potential security risks associated with the file handling in the PHP code provided?

Keywords

Related Questions