public static function isInsecurePath($strPath)
{
// Normalize backslashes
$strPath = strtr($strPath, '\\', '/');
$strPath = preg_replace('#//+#', '/', $strPath);
// Equals ..
if ($strPath == '..') {
return true;
}
// Begins with ./
if (substr($strPath, 0, 2) == './') {
return true;
}
// Begins with ../
if (substr($strPath, 0, 3) == '../') {
return true;
}
// Ends with /.
if (substr($strPath, -2) == '/.') {
return true;
}
// Ends with /..
if (substr($strPath, -3) == '/..') {
return true;
}
// Contains /../
if (strpos($strPath, '/../') !== false) {
return true;
}
return false;
}