From:             [EMAIL PROTECTED]
Operating system: Any
PHP version:      4.0.6
PHP Bug Type:     Feature/Change Request
Bug description:  Restricting file system access

echo `ls /home`;

In a virtual host situation, this is very dangerous. On my own host - as an
experiment - I was able to bring back a directory listing of any other site
on the same box. I then did an fread() on his database abstraction script
and read the passwords for his database. Then I logged into his MySQL
database and was free to mess with his site.

It would be EXTREMELY useful to be able to limit the scope of the
filesystem functions so they can only read files inside $DOCUMENT_ROOT.
Although that wouldn't stop me from typing `cat
/home/user/www/database.php`; and getting the same data. This really needs
addressing, guys!
-- 
Edit bug report at: http://bugs.php.net/?id=13261&edit=1
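
Added example, not part of the original report: a per-virtual-host configuration covering both halves of the request above, using PHP's open_basedir and disable_functions directives. It assumes Apache with mod_php; the host names and paths are constructed.

```apache
# php.ini (server-wide). disable_functions cannot be set per virtual host,
# so it belongs in php.ini rather than in this file. Disabling shell_exec
# also disables the backtick operator used in the report.
#
#   disable_functions = shell_exec,exec,system,passthru,popen,proc_open

# Weak: no open_basedir. fopen()/fread() in this site's scripts can read
# any path the web server user can read, including other customers' files.
<VirtualHost *:80>
    ServerName site-a.example
    DocumentRoot /home/usera/www
</VirtualHost>

# Corrected: PHP file functions are confined to this customer's directories.
<VirtualHost *:80>
    ServerName site-b.example
    DocumentRoot /home/userb/www

    # php_admin_value cannot be overridden from .htaccess or ini_set().
    # The trailing slash matters: without it the value is treated as a
    # prefix, so /home/userb/www-old would also be allowed.
    php_admin_value open_basedir "/home/userb/www/:/home/userb/tmp/"

    # Uploads need a directory inside the allowed set.
    php_admin_value upload_tmp_dir "/home/userb/tmp"
</VirtualHost>
```

open_basedir constrains only PHP's own file functions; a program started through exec() or backticks is not bound by it, which is why the command-execution functions are disabled separately.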

