I use open_basedir with the ini_set function. I want to restrict it to a specific directory like this
__DIR__ . '/my_directory';
So like this it works! I can't include the parent folder with this include
include "../parent/my_file.php";
But if I use this
include include __DIR__ . '../parent/my_file.php';
I can access to the parent folder despite I have an open_basedir active.
When I get all included files I can see my parent folder included like this :
"/my_directory/../parent/my_file.php
So I think PHP understands them like a folder and don't see that it's the parent folder. I am right?
Do you know if there is a solution to this problem? Because I need to restrict the include to my specific folder and I don't want to go higher in the hierarchy.
PS. I'm a newbie on SO. I hope it was understandable! Thanks in advance!
Even when specifying open_base_dir in PHP, there is several commands that can bypass this if they are enabled (like
system())You should make sure that your Apache (or other webserver) configuration also limits the user to a certain root.
The default open_basedir restrictions for shared Linux hosting accounts have no value. PHP scripts can access all directories within your hosting account.
If your apache config has:
php_admin_value open_basedir "/var/www/vhosts/httpdocs"than this will override you php settings.Please create a file to check phpinfo like this and verify what the setting is there: