My url is like page.php?path=content/x/y/z/aaa.md
. Is the following php code XSS-secure?
include "Parsedown.php";
function path_purifier($path) {
if(substr($path, 0, 8) !== "content/")
return null;
if (strpos($path,'..') !== false)
return null;
return "./" . $path;
}
$parsedown = new Parsedown();
$path = $_GET['path'];
$path = path_purifier($path);
echo $parsedown->text(file_get_contents($path));
Thanks for your attention