Let's say I can control the variable $path
and the full path is generated as follows:
$full_path = "./valid_dir/docs/" . trim($path) ;
readfile($full_path) ;
where docs
a non existent dir in the path.
Is it still possible ,with some trick perhaps to ignore docs, to perform a path traversal attack ?