Menu
In Kohana's core class, there is a constant FILE_SECURITY.
string(60) "<?php defined('SYSPATH') or die('No direct script access.');"
Now obviously if you place this at the start of your files, and if it is accessed outside of the Kohana environment, it will die().
But what is the purpose of this constant? We can't eval() it because it has a leading <?php.
Does Kohana create PHP files somewhere and uses it to prepend it to the start of the file?
992
The Kohana_Log_File::write function uses the constant:
// Set the name of the log file
$filename = $directory.date('d').EXT;
if ( ! file_exists($filename))
{
// Create the log file
file_put_contents($filename, Kohana::FILE_SECURITY.' ?>'.PHP_EOL);
// Allow anyone to write to log files
chmod($filename, 0666);
}
Looks like it's inserted into a log to stop it from being read from a public URL.
119
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
