Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-02-06 16:04:41 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Make open_basedir protection optional (opt-in policy)

Browse Source
This commit is contained in:
Fedor A. Fetisov 2014-03-07 17:56:12 +04:00
parent f3ec6dd53b
commit 2ff5ea3fb6
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/mibew/libs/common.php
View File

@ -15,12 +15,14 @@
* limitations under the License.
*/
// Prevent Mibew from access to files outside the installation
@ini_set('open_basedir', dirname(dirname(__FILE__)));
require_once(dirname(__FILE__) . '/converter.php');
require_once(dirname(__FILE__) . '/config.php');
if (isset($use_open_basedir_protection) && $use_open_basedir_protection) {
// Prevent Mibew from access to files outside the installation
@ini_set('open_basedir', dirname(dirname(__FILE__)));
}
// Sanitize path to application and remove extra slashes
$mibewroot = join("/", array_map("urlencode", preg_split('/\//', preg_replace('/\/+$/', '', preg_replace('/\/{2,}/', '/', '/' . $mibewroot)))));

5
src/mibew/libs/config.php
View File

@ -49,4 +49,9 @@ $mail_encoding = "utf-8";
$home_locale = "en"; /* native name will be used in this locale */
$default_locale = "en"; /* if user does not provide known lang */
/*
* Additional protection using open_basedir
*/
$use_open_basedir_protection = false;
?>