Page 1 of 1
Please help: readdir problem
Posted:
11. May 2004 18:31
by Lexje
Well, Everything is working fine.. but when I allow someone to upload files in any map in htdocs and they should use a $readdir script they can list all my pc files.. How can I prevent them from reading outside my htdocs dir??
Posted:
11. May 2004 19:10
by Wiedmann
php.ini:
open_basedir = "PathToHtdocs"
or httpd.conf:
php_admin_value open_basedir "PathToHtdocs"
Posted:
11. May 2004 19:47
by Lexje
Wiedmann wrote:php.ini:
open_basedir = "PathToHtdocs"
or httpd.conf:
php_admin_value open_basedir "PathToHtdocs"
that worked! thx really much
Posted:
11. May 2004 20:24
by Lexje
mm Can I also acces some of outside directories to use $readdir on?
Posted:
11. May 2004 22:05
by Wiedmann
No. But you can put this special script in an extra directory.
Example:
httpd.conf
------------------------------------------------------------
<Directory "C:/xampp/htdocs">
php_admin_value open_basedir "C:/xampp/htdocs"
</Directory>
<Directory "C:/xampp/htdocs/special">
php_admin_value open_basedir none
</Directory>
------------------------------------------------------------
All scripts in "C:/xampp/htdocs" and below have only access to "C:/xampp/htdocs" and below. But scripts in "C:/xampp/htdocs/special" can access the whole server.
Posted:
11. May 2004 23:22
by Lexje
Can I just put that code in the same httpd.conf file in apache or should I create a seperate file called httpd.conf for example in the dir I want to allow access?
Posted:
11. May 2004 23:58
by Wiedmann
You must adapt the existing entries (<Directory "C:/xampp/htdocs">) in the httpd.conf and/or extend the file with the new entries (<Directory "C:/xampp/htdocs/special">).
There can be only one httpd.conf in your system.