On Mon, Mar 31, 2008 at 4:21 AM, Hamar Gábor <ghamar@xxxxxxxxxxx> wrote:
> Hi,
>
> I am a new php user and I have a question, for which I couldn't find any
> answer.
>
> I'd like to restrict php code to access the filesystem. I'd like to have
> only one directory where the php code can write, create or read files,
> and another directory hierarchy where the php codes present. I need
> this to avoid php code to rewrite other php code in case of bug and/or
> an attack.

Are you saying that you want to use one file to allow people to write to your server without allowing them to overwrite other files?

Try creating a directory, chmod 777 if needed, and then in your write routine, disallow periods (.), slashes (/), backslashes (\), et cetera. And you may also want to look into escapeshellarg() and escapeshellcmd() depending on your code.

You can also chmod the directory and all files within where the PHP files are located to 644, which will disallow writing if Apache isn't running suExec.

--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283
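A sketch of the write routine suggested in the reply, as an added example that is not code from the thread: it accepts only file names without periods, slashes or backslashes, writes into a single data directory, and lists code files the PHP process could still overwrite. The paths `/var/www/data` and `/var/www/app` and the function names `store_upload()` and `writable_code_files()` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout (hypothetical paths, not from the thread).
const DATA_DIR = '/var/www/data';  // the one directory PHP may write to
const CODE_DIR = '/var/www/app';   // where the PHP files live

/** Write $data to $dir/$name, refusing names that could leave $dir. */
function store_upload(string $name, string $data, string $dir = DATA_DIR): string
{
    // Allow-list: letters, digits, '_' and '-' only. This rejects '.',
    // '/', '\' and NUL bytes, so "../" and "x.php" never get through.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('rejected file name');
    }

    $base = realpath($dir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('data directory missing');
    }
    $target = $base . DIRECTORY_SEPARATOR . $name;

    // Refuse an existing symlink in the data directory; it may point
    // at a file outside of it.
    if (is_link($target)) {
        throw new RuntimeException('refusing to write through a symlink');
    }
    if (file_put_contents($target, $data, LOCK_EX) === false) {
        throw new RuntimeException('write failed');
    }
    return $target;
}

/** Return files under $codeDir that the current process is able to write. */
function writable_code_files(string $codeDir = CODE_DIR): array
{
    $found = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($codeDir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile() && $file->isWritable()) {
            $found[] = $file->getPathname();
        }
    }
    return $found;
}
```

Running `writable_code_files()` as the web server user should return an empty array once the code tree's permissions are set as the reply describes.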