I need to delete image files in my /var/www/mysite/postImage folder with the unlink() function in PHP.
But I'm absolutely worried about somebody hacking into my site and using .. or . in the path to try to delete something in an upper-level folder.
I'm using jQuery to send the path, and because it's client-side programming it's dangerous.
I know I can bypass dots when uploading files, but what if somebody changes the path on the client side by adding dots to it?
My question is how to prevent somebody from doing that?
.. from path, sanitize and validate path if it's correct.
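
One way to do the validation server-side, as an added example that is not code from the original posts: resolve the client-supplied name with realpath() and call unlink() only if the result is a regular file inside the image folder. The function name deleteImageInside() and the temporary demo directory are hypothetical, and the client is assumed to send a name relative to the image folder.

```php
<?php
declare(strict_types=1);

// Delete $requested only if it resolves to a regular file inside $baseDir.
// (Hypothetical helper for illustration.)
function deleteImageInside(string $baseDir, string $requested): bool
{
    $base = realpath($baseDir);
    // Reject a missing base folder, empty names and embedded NUL bytes.
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }
    // realpath() collapses "." and ".." and follows symlinks;
    // it returns false when the file does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return false;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "/postImage_old" does not pass as being inside "/postImage".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return is_file($target) && unlink($target);
}

// Constructed demo layout in a temporary directory (not the real site).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($root . '/postImage', 0700, true);
file_put_contents($root . '/postImage/cat.jpg', 'x');
file_put_contents($root . '/secret.txt', 'x');

$images = $root . '/postImage';
echo 'cat.jpg deleted: ';
var_dump(deleteImageInside($images, 'cat.jpg'));
echo '../secret.txt deleted: ';
var_dump(deleteImageInside($images, '../secret.txt'));
echo './../secret.txt deleted: ';
var_dump(deleteImageInside($images, './../secret.txt'));
echo 'secret.txt still exists: ';
var_dump(file_exists($root . '/secret.txt'));

// Clean up the demo files.
unlink($root . '/secret.txt');
rmdir($images);
rmdir($root);
```

Because the check runs on the resolved path rather than on the raw string, it also covers symlinks inside the folder that point outside it.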