- strpos: documentation ( source)
- str_replace: documentation ( source)
<?php
$strImageFile = "../a..../sdf/dfgh/dfgh.jpg";
// Actually fix the directory traversal vulnerability...
while (strpos($strImageFile, "../") !== false) {
$strImageFile = str_replace("../", "", $strImageFile);
}
print $strImageFile;
?>