
Fool a PHP file into thinking it is alone in its directory

Tags: security, php

I’m developing a thing where I will have two very distinct components.

Structure at this moment is
Core:
Stuff inside the core
3prty:
Third party developed stuff

Now, what I want to do is to keep the third party developed php script from doing something like

scandir("../");

or

require "../core/anyfile.php";

or

file_get_contents("../core/SourceCode.php");

Is there any way to make this happen? Any help is appreciated. Thanks in advance.

I am running Apache, and it’s my own server, so I can set up any extension etc. The solution must be viable for a production environment, and I need to be able to allow 3rd party scripts, knowing that they might be malicious.

SomeNorwegianGuy asked Nov 14 '13 05:11


1 Answer

Sounds like setting open_basedir for the 3rd party directory would work. This won't keep 3rd party scripts from "knowing" about other 3P scripts, but it would prevent accessing core or any external system files.

K.A.F. answered Nov 13 '22 12:11
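
A runnable check of the restriction suggested in the answer above, as an added example that is not part of the original answer: it builds a constructed core/ and 3prty/ layout in the temp directory, applies open_basedir to the 3prty directory, and retries the three calls from the question. The paths, file names and the `probe` helper are assumptions made for the demo.

```php
<?php
// Added example. Constructed layout mirroring the question's core/ and 3prty/
// folders; directory and file names are assumptions. The temp files are left
// behind, because the script can no longer reach core/ once restricted.
$root = sys_get_temp_dir() . '/basedir_demo_' . getmypid();
mkdir("$root/core", 0700, true);
mkdir("$root/3prty", 0700, true);
file_put_contents("$root/core/SourceCode.php", "<?php return 'core source';");
file_put_contents("$root/3prty/own.txt", 'third-party data');

// open_basedir is checked against resolved paths, so resolve symlinks first.
// The trailing separator limits the match to this directory itself.
$jail = realpath("$root/3prty") . DIRECTORY_SEPARATOR;
chdir($jail);   // run from where a third-party script would live

// Demo only: tighten the limit at runtime. In production, set it in the
// server configuration (for example php_admin_value under mod_php) so the
// restriction is in place before any third-party code runs.
if (ini_set('open_basedir', $jail) === false) {
    exit("could not set open_basedir\n");
}

// A blocked call raises a warning and returns false; @ hides the warning.
function probe(string $label, callable $op): bool
{
    $allowed = @$op() !== false;
    printf("%-50s %s\n", $label, $allowed ? 'ALLOWED' : 'BLOCKED');
    return $allowed;
}

$results = [
    probe('scandir("../")', fn () => scandir('../')),
    // include instead of require so a refusal does not abort the script
    probe('include "../core/SourceCode.php"', fn () => include '../core/SourceCode.php'),
    probe('file_get_contents("../core/SourceCode.php")', fn () => file_get_contents('../core/SourceCode.php')),
    probe('file_get_contents("own.txt")', fn () => file_get_contents('own.txt')),
];

// Exit 0 only if the three escapes from the question fail and the local read works.
exit($results === [false, false, false, true] ? 0 : 1);
```

open_basedir only governs PHP's own file functions, so it says nothing about what a script can do through functions that start external programs.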