ID: 22598 User updated by: luke at cywh dot com Reported By: luke at cywh dot com Status: Open Bug Type: CGI related Operating System: Windows XP PHP Version: 4.3.1 New Comment:
I run a small hosting operation like geocities (free 20mb), and i offer php support. problem is, is the users can access anything on my computer on php. infact one did which is why im typing this up. someone suggested to set openbase_dir, but when i do it shows up as no value in the phpinfo() and it seems to not work at all. from what i understand is if you put a . or something, or set it, its supposed to not allow scripts to access any file outside the folder, but can allow subfolders from that script. i run a webmail php script that has to access c:/windows/temp/itsname/ i dont want any user to access anything outside their folder. i run apache 2.0.43. someone said i should downgrade php and apache which i dont want to do. ive had to many problems with apache 1.3 and im not going to downgrade from 2.0. i dont feel i have to do it anyway. if i have to disable php use for the users folders i will, but i dont really want to take away a feature ive already promissed. thanks guys Luke Scott www.cywh.com (http://cytech.cywh.com/phpinfo.php) (if you could, please send me an email) Previous Comments: ------------------------------------------------------------------------ [2003-03-07 19:21:03] luke at cywh dot com I run a small hosting operation like geocities (free 20mb), and i offer php support. problem is, is the users can access anything on my computer on php. infact one did which is why im typing this up. someone suggested to set openbase_dir, but when i do it shows up as no value in the phpinfo() and it seems to not work at all. from what i understand is if you put a . or something, or set it, its supposed to not allow scripts to access any file outside the folder, but can allow subfolders from that script. i run a webmail php script that has to access c:/windows/temp/itsname/ i dont want any user to access anything outside their folder. i run apache 2.0.43. someone said i should downgrade php and apache which i dont want to do. ive had to many problems with apache 1.3 and im not going to downgrade from 2.0. i dont feel i have to do it anyway. if i have to disable apache use for the users folders i will, but i dont really want to take away a feature ive already promissed. thanks guys Luke Scott www.cywh.com (http://cytech.cywh.com/phpinfo.php) (if you could, please send me an email) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=22598&edit=1