I have a folder, lets call it /www/
Within that folder I have a bunch of sub directories
/www/user1/
/www/user2/
/www/user3/
ect..
Users can upload php files to their directory if they want, but there is nothing to stop a script in /www/user1/ from accessing files in /www/user2/
Theoretically, users could modify or delete another users files. I could disable the modify/delete functions, but it not a very good solution. Is there a way to restrict a php script to only accessing files within its own directory or subdirectories?
Restrict PHP scripts from accessing higher directories
Moderator: General Moderators
Re: Restrict PHP scripts from accessing higher directories
You can use realpath() to make sure the actual path you're working in is what you expect it to be. See this thread: viewtopic.php?f=34&t=116002
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Restrict PHP scripts from accessing higher directories
Are you establishing a shared hosting server? If so, then take a look at suPHP.