How to restrict file system access in PHP?

前端 未结 2 536
旧时难觅i
旧时难觅i 2021-01-21 10:31

Someone knows a trick to have a PHP script self-restrict access to the file system (fopen, file_get_contents etc.)?

Such calls should be blocke

相关标签:
2条回答
  • 2021-01-21 10:49

    Option #1

    You can use open_basedir which is a php.ini directive to limit the directories the app has access too. The directories can be semicolon separated so you can just list the directories you want the app to access including the /tmp folder.

    The caveat is that this also affects things like include, require.

    Option #2

    You could rename them using rename_function or runkit_function_rename and then wrap the renamed versions with your own logic.

    Quote from the documentation:

    Renames a orig_name to new_name in the global function table. Useful for temporarily overriding built-in functions.

    Example:

    rename_function('file_get_contents', 'nouse_file_get_contents');
    
    function file_get_contents($filename, $use_include_path = false, $context, $offset = -1, $maxlen) {
        //
        // Do some validation here
        //
        return nouse_file_get_contents($filename, $use_include_path, $context, $offset, $maxlen);
    }
    

    Option #3

    You could setup some coding standards for your devs and write some unit tests that run as part of the deployment before things are pushed to production. Not sure what your release procedures are but these types of things should be caught before production.

    0 讨论(0)
  • 2021-01-21 10:56

    you could of course have everybody develop run php as a user which has only access to the files you want. but this is an OS level solution.

    0 讨论(0)
提交回复
热议问题