== How to fix it in Core PHP

=== Code examples

:code_impact: read

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,php,diff-id=1,diff-type=noncompliant]
----
$fileName = $_GET["filename"];

file_get_contents($fileName); // Noncompliant
----

==== Compliant solution

[source,php,diff-id=1,diff-type=compliant]
----
$fileName = $_GET["filename"];
$targetDirectory = "/path/to/target/directory/";

$path = realpath($targetDirectory . $fileName);

if (str_starts_with($path,  $targetDirectory)) {
    file_get_contents($path);
}
----

=== How does this work?

:canonicalization_function: `realPath`

include::../../common/fix/self-validation.adoc[]