I use open_basedir with the ini_set function. I want to restrict it to a specific directory like this
__DIR__ . '/my_directory';
So like this it works! I can't include the parent folder with this include
include "../parent/my_file.php";
But if I use this
include include __DIR__ . '../parent/my_file.php';
I can access to the parent folder despite I have an open_basedir active.
When I get all included files I can see my parent folder included like this :
"/my_directory/../parent/my_file.php
So I think PHP understands them like a folder and don't see that it's the parent folder. I am right?
Do you know if there is a solution to this problem? Because I need to restrict the include to my specific folder and I don't want to go higher in the hierarchy.
PS. I'm a newbie on SO. I hope it was understandable! Thanks in advance!
Even when specifying open_base_dir in PHP, there is several commands that can bypass this if they are enabled (like system() )
You should make sure that your Apache (or other webserver) configuration also limits the user to a certain root.
The default open_basedir restrictions for shared Linux hosting accounts have no value. PHP scripts can access all directories within your hosting account.
If your apache config has:
php_admin_value open_basedir "/var/www/vhosts/httpdocs"
than this will override you php settings.
Please create a file to check phpinfo like this and verify what the setting is there:
<?php
phpinfo();
?>