Hi Johannes, On Sat, May 16, 2015 at 11:32 PM, Johannes Schlüter <johan...@schlueters.de> wrote:
> That whitelist is called open_basedir. > http://php.net/manual/en/ini.core.php#ini.open-basedir > I'm trying to eliminate risks of script inclusion attack. open_basedir is not good enough to prevent include('/path/to/upload/attack_image_file.png'); Regards, -- Yasuo Ohgaki yohg...@ohgaki.net
