stackoom
  简体   繁体   中英

how to prevent plugin from accessing config files

 原文  2016-06-17 16:23:01       php

Question

Am writing an application which support the use plugins which can be hooked to the admin.

How do i protect the config files because currently, if a plugin developer writes: 

$msg=__FTP_PASS__; 

mail("email@email","subject",$msg);

The message get sent along with the password. How do i prevent this because this happens because i included "config.php" at the top of admin page. Thanks. #am sorry, i dont know how to format question on stackoverf

1 answers

solution1
 0  2016-06-17 16:41:34

You can prevent this with some sort of PHP sandbox (runkit's Runkit_Sandbox class comes to mind), but it isn't a standard part of PHP and using it properly will not be trivial.

Letting users run arbitrary code is never a good idea.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to prevent users from accessing files on server? How to prevent users from accessing files directly from url? How can I prevent users from accessing include files? Accessing CI's config file from a plugin's config file How to prevent users from accessing admin pages Prevent users from accessing php files by typing it directly Prevent people from accessing your classes and include files directly How to hide config files from direct access? Accessing new Laravel config files during request How to prevent including database config.php from another client?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM