
Disable relative path in php.ini

As I remember, PHP has a setting which can prevent PHP code from
opening a file like that...
<?php

echo file_get_contents("../temp/../test.php");

?>

Can anyone confirm whether there is such a setting?

thanks.

Feb 14 '07 #1
3 Replies


Rik
howa wrote:
As I remember, PHP has a setting which can prevent PHP code from
opening a file like that...

<?php
echo file_get_contents("../temp/../test.php");
?>

Can anyone confirm whether there is such a setting?

I have no idea which setting this would be. open_basedir can be used to
box users in, maybe that's what you're after?

--
Rik Wasmus
Feb 14 '07 #2

howa wrote:
echo file_get_contents("../temp/../test.php");
Easy way is to just check to see whether your file path matches this PCRE:

#(^|/)\.\.(/|$)#

That is the start of the string followed by '../'; or '/../' anywhere in
the string; or '/..' at the end of the string; or the string consisting
only of '..'.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Feb 14 '07 #3
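
Added example, not part of the original posts: the '..'-segment pattern from the reply above, written with escaped dots and run over constructed sample paths, next to a realpath()-based containment check. The containment check is an assumption of this example rather than something proposed in the thread, and all function names and paths are hypothetical.

```php
<?php
// Added example; function names and sample paths are constructed.

// True if any path segment is exactly '..' (dots escaped to match literally).
function has_dotdot_segment(string $path): bool
{
    return preg_match('#(^|/)\.\.(/|$)#', $path) === 1;
}

// Assumption, not from the thread: resolve the path and require the result
// to stay under $base. Covers absolute paths and symlinks, which need no '..'.
function is_inside_base(string $path, string $base): bool
{
    $realBase = realpath($base);
    $realPath = realpath($path); // false when the target does not exist
    if ($realBase === false || $realPath === false) {
        return false;
    }
    $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($realPath, $prefix, strlen($prefix)) === 0;
}

// Constructed inputs mapped to the result the pattern should give.
$samples = [
    '../temp/../test.php'  => true,
    'a/../b.php'           => true,
    'dir/..'               => true,
    '..'                   => true,
    'notes..txt'           => false, // dots inside a file name
    'a/..b/c.php'          => false, // segment merely starts with '..'
    '/var/data/report.txt' => false, // absolute path passes the pattern
];
foreach ($samples as $path => $expected) {
    $got = has_dotdot_segment($path);
    printf("%-22s %-5s %s\n", $path, var_export($got, true),
        $got === $expected ? 'ok' : 'MISMATCH');
}

// Containment check against a throwaway directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'base_demo_' . getmypid();
mkdir($base);
file_put_contents($base . '/inside.txt', 'x');
foreach ([$base . '/inside.txt', $base . '/../'] as $candidate) {
    printf("%-5s %s\n", var_export(is_inside_base($candidate, $base), true), $candidate);
}
unlink($base . '/inside.txt');
rmdir($base);
```

The pattern only inspects forward slashes, so on Windows a path would need its backslashes normalised before the check.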

If you are trying to solve shared-hosting security problems, check
chapter 42 of the manual (Safe mode)
http://www.php.net/manual/en/features.safe-mode.php
Hope this will help.

howa:
As I remember, PHP has a setting which can prevent PHP code from
opening a file like that...
<?php

echo file_get_contents("../temp/../test.php");

?>

Can anyone confirm whether there is such a setting?

thanks.
Feb 14 '07 #4
