On Sat, 2015-05-16 at 15:32 +0200, Patrick Schaaf wrote: > None of this whitelisting-by-filename would be practical for our setup. > Have a look at what Smarty does with compiled templates and cached pages: > PHP includes generated on the fly, with filenames that are not known in > advance. For such usage a whitelisting per realpath prefix, would be the > only reasonable approach.
That whitelist is called open_basedir. http://php.net/manual/en/ini.core.php#ini.open-basedir johannes -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
