public function cleanPath() { // prevent Poison Null Byte injections $path = str_replace(chr(0), '', $this->path); // prevent go out of the workspace while (strpos($path, '../') !== false) { $path = str_replace('../', '', $path); } return $path; }