The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP: ip/~user

Discussion in 'General Discussion' started by Robbinz, Feb 28, 2005.

  1. Robbinz

    Robbinz Registered

    Joined:
    Dec 12, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    I just ran into a problem, when customers are useing http://ip/~user they are able to read out homedirs of the current IP owner.

    So let's say Use:
    http://1.2.3.4/~myuser

    and the IP is beloning to:
    mydomain.ext

    My customer can do something like this:

    echo get_file_contents($_SERVER['DOCUMENT_ROOT'] . /"mainconfigfile.ext");

    they are printing out the /home/mydomain.ext/public_html/mainconfigfile.ext instead of /home/user/public_html/mainconfigfile.ext

    is there anyway how to solve this problem?

    Kind Regards,

    Robbin
     
  2. germanette

    germanette Active Member

    Joined:
    Jul 26, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    I think this is what you're looking for, php's open_basedir protection prevents users from opening files outside of their home directory with php.

    You can enable protection through WHM>>Server Setup>>Tweak Security
     
Loading...

Share This Page