Jump to content

SAFE_MODE and executing files using PHP on Windows


crimsontwo

Recommended Posts

Hi,

 

I have the following in php.ini:

 

safe_mode = 1

safe_mode_exec_dir = "D://TEST"

 

This way I can execute files located in TEST.

 

However, running the following code bypasses that directory and runs stuff from other locations:

 

$runCommand = "C:\\WINDOWS\\system32\\shutdown.exe -t:30";

$WshShell = new COM("WScript.Shell");

$output = $WshShell->Exec($runCommand)->StdOut->ReadAll;

 

How do I prevent people from executing ANYTHING unless it is located in safe_mode_exec_dir?

 

Thanks in advance.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.