Hi Johannes, On Sat, May 16, 2015 at 11:32 PM, Johannes Schlüter <[email protected]> wrote:
> That whitelist is called open_basedir. > http://php.net/manual/en/ini.core.php#ini.open-basedir > I'm trying to eliminate risks of script inclusion attack. open_basedir is not good enough to prevent include('/path/to/upload/attack_image_file.png'); Regards, -- Yasuo Ohgaki [email protected]
