Page 1 of 1

Restrict PHP scripts from accessing higher directories

Posted: Fri Jul 23, 2010 9:34 am
by colin22
I have a folder, lets call it /www/

Within that folder I have a bunch of sub directories

/www/user1/
/www/user2/
/www/user3/
ect..

Users can upload php files to their directory if they want, but there is nothing to stop a script in /www/user1/ from accessing files in /www/user2/

Theoretically, users could modify or delete another users files. I could disable the modify/delete functions, but it not a very good solution. Is there a way to restrict a php script to only accessing files within its own directory or subdirectories?

Re: Restrict PHP scripts from accessing higher directories

Posted: Sat Jul 24, 2010 8:55 pm
by André D
You can use realpath() to make sure the actual path you're working in is what you expect it to be. See this thread: viewtopic.php?f=34&t=116002

Re: Restrict PHP scripts from accessing higher directories

Posted: Sun Jul 25, 2010 5:47 am
by kaisellgren
Are you establishing a shared hosting server? If so, then take a look at suPHP.