This is a very simple version without any error handling of what i want my php-script to do:
echo json_encode( scandir($_GET['d']) );
Now i want to restrict file access for this, such that the index is only built, if the given path is one, which say Apache also serves an auto-index for.
Alternatively, if this cannot be achieved easily, it would be sufficient to check, whether the queried directory is owned by the same user php running php (i.e. posix_geteuid();)