Remediation Steps

Follow the steps below to remediate this finding on Joomla.

  1. Use JPath::clean() to normalise paths and JPath::check() to validate that the resolved path is within the allowed base directory:

         JPath::check($filePath);

  2. Never pass raw user input to JFile::read() or PHP file functions.

  3. Validate uploaded file types using JFile::getExt() and an allowlist.
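
The steps above combined into one helper, as an added example that is not Joomla's or this page's own code. It assumes a Joomla 3.x extension context where JPath, JFile and JPATH_ROOT are available; the function name `exampleReadDocument`, the base directory and the extension allowlist are hypothetical.

```php
<?php
// Added example. Assumes it runs inside a Joomla 3.x extension.
defined('_JEXEC') or die;

jimport('joomla.filesystem.path');
jimport('joomla.filesystem.file');

/**
 * Hypothetical helper: read a document named by user input, but only
 * from one base directory and only with an allowlisted extension.
 */
function exampleReadDocument($userFileName)
{
    // Hypothetical base directory and allowlist for this example.
    $baseDir    = JPath::clean(JPATH_ROOT . '/media/com_example/docs');
    $allowedExt = array('pdf', 'txt', 'csv');

    // Reject non-strings, empty names and embedded NUL bytes up front.
    if (!is_string($userFileName) || $userFileName === ''
        || strpos($userFileName, "\0") !== false) {
        throw new InvalidArgumentException('Invalid file name');
    }

    // Allowlist the extension (compared case-insensitively).
    $ext = strtolower(JFile::getExt($userFileName));
    if (!in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException('File type not allowed');
    }

    // Normalise the path, then validate it. JPath::check() is assumed to
    // throw on ".." and on paths outside the site root, as in Joomla 3.x.
    $filePath = JPath::clean($baseDir . '/' . $userFileName);
    JPath::check($filePath);

    // Confine the result to $baseDir itself, after resolving symlinks.
    // realpath() returns false for files that do not exist.
    $resolved     = realpath($filePath);
    $resolvedBase = realpath($baseDir);
    if ($resolved === false || $resolvedBase === false
        || strpos($resolved, $resolvedBase . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('File not found');
    }

    // Only the validated, resolved path reaches a PHP file function.
    return file_get_contents($resolved);
}
```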