File manager script security...

m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

I have a file manager script, and I do not want the users who have PHP files in a folder above the file manager to be able to use the functions show_source() to view copyrighted script sources, ini_set() to make drastic changes to PHP, or any other potentially dangerous security risk functions like that.

I'm just baffled a bit on how to disable their use of certain functions like that and keep them for my use, and how to implement the changes. It's kind of a weird topic to search around for. Any ideas on doing this?

Thanks!
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

See: http://www.php.net/manual/sl/features.s ... -functions
Unfortunately (for you), this is a PHP_INI_SYSTEM parameter, thus it can only be set in php.ini, affecting all your scripts.
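
As an added example (not part of the original thread, and not code from either poster): a PHP 7.4+ script that reads the `disable_functions` value discussed above and reports which of the functions named in the question are still callable. The `REQUIRED_DISABLED` list and the helper names `parse_disabled()` and `missing_from_policy()` are assumptions made for this illustration.

```php
<?php
// Added example: audit whether the risky functions named in the thread are
// disabled under the php.ini that this interpreter actually loaded.
// REQUIRED_DISABLED is an assumed policy list; extend it for your own setup.

// show_source() is an alias of highlight_file(), so both must be listed.
const REQUIRED_DISABLED = ['show_source', 'highlight_file', 'ini_set'];

/**
 * Parse a comma-separated disable_functions value into a normalized list
 * (lower-cased, whitespace trimmed, empty entries dropped).
 */
function parse_disabled(string $raw): array
{
    $names = array_map(fn($n) => strtolower(trim($n)), explode(',', $raw));
    return array_values(array_filter($names, fn($n) => $n !== ''));
}

/**
 * Return the entries of $required that do not appear in $disabled.
 */
function missing_from_policy(array $required, array $disabled): array
{
    $required = array_map('strtolower', $required);
    return array_values(array_diff($required, $disabled));
}

// The value comes from php.ini; a script cannot change it with ini_set().
$disabled = parse_disabled((string) ini_get('disable_functions'));
$missing  = missing_from_policy(REQUIRED_DISABLED, $disabled);

if ($missing === []) {
    echo "OK: all required functions are disabled\n";
    exit(0);
}

// Report the gap and print the php.ini line that would close it.
echo "Still callable: " . implode(', ', $missing) . "\n";
echo "Suggested php.ini line: disable_functions = "
    . implode(',', array_merge($disabled, $missing)) . "\n";
exit(1);
```

Run it through the same SAPI that serves the users' scripts, since the CLI often loads a different php.ini than the web server does.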
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Thanks volka. I overlooked that link in the manual. :wink:
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Would be nice to have something like AllowOverride for php_tag, ... in .htaccess, but I don't know of anything like that.
Hopefully someone has a better solution :(
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Whoa, this project has really required so much more in-depth reading of unfamiliar bits of the manual for me. :?


/me prints off the entire safe mode section of the manual