Running PHP in Apache using the MODULE configuration.
Apache/1.3.14 (Win32) PHP/4.0.6 mod_ssl/2.7.2 OpenSSL/0.9.6 running.
With the following:
php_admin_flag safe_mode on
php_admin_value open_basedir c:/pr
php_admin_value doc_root c:/pr
php_admin_value user_dir c:/pr
IT SUCCESSFULLY blocks reads in directories other than c:/pr, but it DOES
NOT block unlinks (file deletion) outside of the c:/pr directory. So... My
users cannot read other users files, however they can delete anything they
want. Very strange. Is there a way (without using nt permissions) to block
the deleting of files like blocking the reading of files. With the above
configuration you CANNOT read from outside the c:/pr, but you can delete
files outside of it.
<?php
echo "Peace!";
//unlink ("c:/test.txt");// UNLINK WORKS (bad)
$fp = fopen ("c:/test.txt", "r"); // FAILS SECURITY CHECK (Good)
echo "Dude10";
?>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
