Prevent access to files outside a certain directory in PHP

Posted by James L on Stack Overflow See other posts from Stack Overflow or by James L
Published on 2010-05-22T02:31:22Z Indexed on 2010/05/22 2:40 UTC
Read the original article Hit count: 223

Filed under:
|

I've found out the hard way that my website can be hacked by passing a query string parameter that has many ../s to access files outside of the website directory, and then screw with the website.

Is there a way, perhaps through the php.ini, to not allow file includes outside of a certain root directory?

© Stack Overflow or respective owner

Related posts about php

Related posts about security