Guardian-Mage Posted May 8, 2008

Is it possible to prevent PHP scripts from traversing backwards out of a specified directory? For example, on my Windows machine, I have F:/wamp/htdocs/
But I can use a directory listing script with a starting directory of ../../../ and it will list all the files in F:
I want to stop that, so PHP can't go outside of htdocs. Preferably with .htaccess, but any solution is O.K.

PFMaBiSmAd Posted May 8, 2008

When you installed the web server (and php running under that web server) you installed it under your user account on your computer. It has access to any folder or file that you have access to. In real life, a user account would be created for the web server and only the files and folders it should have access to would be given permissions for that user account.

You should also be verifying all user input to make sure it only contains what you expect. If you don't want any directory traversal, make sure it does not contain any ..

A .htaccess file only determines what happens with an http/https request. The problem occurs after the request reaches php and is fixed by limiting the account permissions that the web server is running under.

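Added example, not part of the original posts: one way to apply the input check described in the answer above, resolving the path with realpath() and rejecting anything that lands outside the base directory instead of only searching for "..". The function name resolve_inside and the demo directory tree are constructed for illustration.

```php
<?php
// Added example (constructed names and paths): contain a user-supplied path.
function resolve_inside(string $baseDir, string $userPath): ?string
{
    if (strpos($userPath, "\0") !== false) {
        return null; // null bytes are never valid in a path
    }
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means no such path.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;
    }
    // Trailing separator stops "htdocs-old" from matching the "htdocs" prefix.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $base && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree under the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('trav_demo_');
mkdir("$root/htdocs/site1", 0700, true);
mkdir("$root/htdocs-old", 0700, true);

// Constructed inputs: two legitimate paths, then three that must be refused.
$inputs = ['site1', 'site1/../site1', '../../../', '../htdocs-old', 'site1/missing'];
foreach ($inputs as $input) {
    $resolved = resolve_inside("$root/htdocs", $input);
    printf("%-16s => %s\n", $input, $resolved ?? 'rejected');
}

// Remove the demo tree again.
rmdir("$root/htdocs/site1");
rmdir("$root/htdocs");
rmdir("$root/htdocs-old");
rmdir($root);
```

A check like this only protects code that calls it. A script that does not call it is still limited only by the permissions of the account the web server runs under.
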
Guardian-Mage Posted May 8, 2008

I was asking this for the purpose of setting up a shared hosting account where a user could upload their own php scripts. Thanks for your answer.