Jump to content

Recommended Posts

Is it possible to prevent PHP scripts from transversing backwards out of a specified directory? For example, on my Windows Machine, I have F:/wamp/htdocs/ But I can use a directory listing script with a starting directory of ../../../ and it will list all the files in F:

 

I want to stop that, so PHP can't go outside of htdocs. Preferably with .htaccess, but any solution is O.K.

Link to comment
https://forums.phpfreaks.com/topic/104693-solved-directory-transversal/
Share on other sites

When you installed the web server (and php running under that web server) you installed it under your user account on your computer. It has access to any folder or file that you have access to.

 

In real life, a user account would be created for the web server and only the files and folders it should have access to would be given permissions for that user account.

 

You should also be verifying all user input to make sure it only contains what you expect. If you don't want any directory transversal, make sure it does not contain any ..

 

A .htaccess file only determines what happens with a http/https request. The problem occurs after the request is reaching php and is fixed by limiting the account permissions that the web server is running under.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.