In Kohana's core class, there is a constant FILE_SECURITY
.
string(60) "<?php defined('SYSPATH') or die('No direct script access.');"
Now obviously if you place this at the start of your files, and if it is accessed outside of the Kohana environment, it will die()
.
But what is the purpose of this constant? We can't eval()
it because it has a leading <?php
.
Does Kohana create PHP files somewhere and uses it to prepend it to the start of the file?
The Kohana_Log_File::write
function uses the constant:
// Set the name of the log file
$filename = $directory.date('d').EXT;
if ( ! file_exists($filename))
{
// Create the log file
file_put_contents($filename, Kohana::FILE_SECURITY.' ?>'.PHP_EOL);
// Allow anyone to write to log files
chmod($filename, 0666);
}
Looks like it's inserted into a log to stop it from being read from a public URL.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With