I need to validate passed file path, before it will be written to disk and new directory structure for it will be created. For example, we have $path = "/uploads/base/../../user_new_dir/img.jpg". This is incorrect path due to "/.." ("/uploads/base" - allowed for saving directory, "/user_new_dir/img.jpg" - user defined path and file name).
I can't use realpath($path), because it works only with existing files. I can't use realpath(dirname($path)), because we may create new folders for saving file.
I look for script, which checks all possible cases. I worry that I can miss something like multi-byte representation of the '.' character or others unexpected ways, which may cause security issues. Could you advice appropriate implementation of my task in any framework or cms, so I could look into it?
..in the string?