SAFE_MODE and executing files using PHP on Windows

[crimsontwo]

Hi,

 

I have the following in php.ini:

 

safe_mode = 1

safe_mode_exec_dir = "D://TEST"

 

This way I can execute files located in TEST.

 

However, running the following code bypasses that directory and runs stuff from other locations:

 

$runCommand = "C:\\WINDOWS\\system32\\shutdown.exe -t:30";

$WshShell = new COM("WScript.Shell");

$output = $WshShell->Exec($runCommand)->StdOut->ReadAll;

 

How do I prevent people from executing ANYTHING unless it is located in safe_mode_exec_dir?

 

Thanks in advance.