Please help: readdir problem

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Please help: readdir problem

Postby Lexje » 11. May 2004 18:31

Well, Everything is working fine.. but when I allow someone to upload files in any map in htdocs and they should use a $readdir script they can list all my pc files.. How can I prevent them from reading outside my htdocs dir??
Lexje
 
Posts: 9
Joined: 03. May 2004 21:08

Postby Wiedmann » 11. May 2004 19:10

php.ini:
open_basedir = "PathToHtdocs"

or httpd.conf:
php_admin_value open_basedir "PathToHtdocs"
Wiedmann
AF Moderator
 
Posts: 17102
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Postby Lexje » 11. May 2004 19:47

Wiedmann wrote:php.ini:
open_basedir = "PathToHtdocs"

or httpd.conf:
php_admin_value open_basedir "PathToHtdocs"


that worked! thx really much
Lexje
 
Posts: 9
Joined: 03. May 2004 21:08

Postby Lexje » 11. May 2004 20:24

mm Can I also acces some of outside directories to use $readdir on?
Lexje
 
Posts: 9
Joined: 03. May 2004 21:08

Postby Wiedmann » 11. May 2004 22:05

No. But you can put this special script in an extra directory.

Example:
httpd.conf
------------------------------------------------------------
<Directory "C:/xampp/htdocs">
php_admin_value open_basedir "C:/xampp/htdocs"
</Directory>

<Directory "C:/xampp/htdocs/special">
php_admin_value open_basedir none
</Directory>
------------------------------------------------------------

All scripts in "C:/xampp/htdocs" and below have only access to "C:/xampp/htdocs" and below. But scripts in "C:/xampp/htdocs/special" can access the whole server.
Wiedmann
AF Moderator
 
Posts: 17102
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Postby Lexje » 11. May 2004 23:22

Can I just put that code in the same httpd.conf file in apache or should I create a seperate file called httpd.conf for example in the dir I want to allow access?
Lexje
 
Posts: 9
Joined: 03. May 2004 21:08

Postby Wiedmann » 11. May 2004 23:58

You must adapt the existing entries (<Directory "C:/xampp/htdocs">) in the httpd.conf and/or extend the file with the new entries (<Directory "C:/xampp/htdocs/special">).

There can be only one httpd.conf in your system.
Wiedmann
AF Moderator
 
Posts: 17102
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 146 guests