I don't know much about PHP, but I need a script that lets me download a file via a parameter. The files all end with, let's say, .dat. So what I do is:
```php
<?php
// Take the id straight from the POST body (untrusted input).
$id = $_POST['id'];
// Build the glob pattern by appending the fixed extension.
$searchparam = sprintf("%s.dat", $id);
// Return every file matching the pattern (empty array if none).
$files = glob($searchparam);
```
Now I can imagine someone adding a path like '../../' and then being able to download some file from the root, but there are no .dat files there. But maybe someone could somehow bypass the extension and download any file of their choosing.
Often it is suggested to do preg_replace('/[^-a-zA-Z0-9_]/', but then someone said that one could use hex numbers that would then be interpreted as special characters.
I often read that I should not sanitize the input but rather make sure the parameter is properly put into the command.
So how vulnerable is my script or the glob command?
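The traversal and wildcard cases the question worries about, placed next to one way of hardening the lookup, as an added example that is not part of the question. The data directory, the file names it creates, and the helper names `lookup_unsafe`, `lookup_safe` and `show` are assumptions made for this demo; the script writes a few small files beside itself so it runs offline.

```php
<?php
// Added example, not code from the original question. DATA_DIR, the file names
// and the helper names below are assumptions for this demo.

const DATA_DIR = __DIR__ . '/data';   // assumed: the directory holding the .dat files

// The lookup as written in the question. The user's input is pasted straight
// into the glob pattern, so "../" walks out of the directory and "*" lists it.
function lookup_unsafe(string $id): array {
    $pattern = sprintf('%s.dat', $id);
    return glob($pattern) ?: [];
}

// Hardened lookup: allowlist the id, build the path from a fixed base with a
// fixed extension, resolve it, and confirm the result is still under that base.
function lookup_safe(string $id): ?string {
    // 1. Allowlist: letters, digits, '_' and '-' only. No '.', '/', '%', '*',
    //    '?' or '[' can get through. \A and \z (not ^ and $) also reject a
    //    trailing newline.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $id)) {
        return null;
    }
    // 2. No glob at all: the path is base + id + ".dat", nothing else.
    $base = realpath(DATA_DIR);
    $path = realpath($base . DIRECTORY_SEPARATOR . $id . '.dat');
    if ($base === false || $path === false) {
        return null;                      // base missing or no such file
    }
    // 3. Containment: the resolved path must start with the resolved base.
    //    realpath() follows symlinks, so a link inside data/ that points
    //    elsewhere is rejected here even though its name passed the allowlist.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

function show(string $label, $value): void {
    echo str_pad($label, 34) . ': ' . json_encode($value) . PHP_EOL;
}

// --- constructed demo files (assumed layout) ---
if (!is_dir(DATA_DIR)) {
    mkdir(DATA_DIR);
}
file_put_contents(DATA_DIR . '/report1.dat', 'inside the data directory');
file_put_contents(__DIR__ . '/secret.dat', 'one level above the data directory');
if (!file_exists(DATA_DIR . '/link.dat')) {
    @symlink(__DIR__ . '/secret.dat', DATA_DIR . '/link.dat');  // may fail on Windows
}

// Run from inside the data directory, as the question's script presumably does.
chdir(DATA_DIR);

show('unsafe, id=report1',      lookup_unsafe('report1'));
show('unsafe, id=*',            lookup_unsafe('*'));          // wildcard enumerates every .dat
show('unsafe, id=../secret',    lookup_unsafe('../secret'));  // traversal to a .dat outside
show('safe,   id=report1',      lookup_safe('report1'));
show('safe,   id=*',            lookup_safe('*'));
show('safe,   id=../secret',    lookup_safe('../secret'));
show('safe,   id=%2e%2e/secret', lookup_safe('%2e%2e/secret')); // $_POST is already decoded; '%' fails the allowlist
show('safe,   id=link',         lookup_safe('link'));          // name is clean, target is outside
```

Two points the output makes that the regex discussion alone does not: the glob pattern's literal `.dat` suffix cannot be removed by the caller (PHP refuses null bytes in paths, and `*`/`?`/`[` only widen what is matched), so the risk is which `.dat` files are reachable and whether the directory can be enumerated, not a different extension; and an allowlist on the id is only half of it, because a clean-looking name can still be a symlink, which is why the hardened version checks the `realpath()` result against the base directory rather than trusting the name.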