Template::IsValidPath PHP Method

    public static function IsValidPath($p_path, $p_checkIfExists = true)
    {
        global $Campsite;
        foreach (explode("/", $p_path) as $index => $dir) {
            if ($dir == "..") {
                return false;
            }
        }
        if ($p_checkIfExists && !is_dir($Campsite['TEMPLATE_DIRECTORY'] . "/{$p_path}") && !is_file($Campsite['TEMPLATE_DIRECTORY'] . "/{$p_path}") && !is_link($Campsite['TEMPLATE_DIRECTORY'] . "/{$p_path}")) {
            return false;
        }
        return true;
    }

<?php
require_once($GLOBALS['g_campsiteDir']. "/$ADMIN_DIR/templates/template_common.php");

$f_template_code = Input::Get('f_template_code', 'array', array(), true);
$f_destination_folder = Input::Get('f_destination_folder', 'string', '', true);
$f_current_folder = Input::Get('f_current_folder', 'string', 0, true);
$f_action = Input::Get('f_action');

$f_current_folder = urldecode($f_current_folder);

if (!Template::IsValidPath($f_current_folder) || !Template::IsValidPath($f_destination_folder)) {
	camp_html_goto_page("/$ADMIN/templates/");
}

foreach ($f_template_code as $name) {
     if (!Template::IsValidPath($name, false)) {
    	camp_html_goto_page("/$ADMIN/templates/");
    }
}

//
// Check permissions
//
if ($f_action == "move") {
	if (!$g_user->hasPermission("ManageTempl")) {
		camp_html_display_error(getGS("You do not have the right to move articles."));
		exit;
	}
}

// $articles array: