Am writing an application which support the use plugins which can be hooked to the admin.
How do i protect the config files because currently, if a plugin developer writes:
$msg=__FTP_PASS__;
mail("email@email","subject",$msg);
The message get sent along with the password. How do i prevent this because this happens because i included "config.php" at the top of admin page. Thanks. #am sorry, i dont know how to format question on stackoverf
You can prevent this with some sort of PHP sandbox (runkit's Runkit_Sandbox class comes to mind), but it isn't a standard part of PHP and using it properly will not be trivial.
Letting users run arbitrary code is never a good idea.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.