Wouldn't they still be able to overwrite each other? I don't think I expressed myself clearly. The point of the protection is to keep the scripts from overwriting each other on purpose. It was a protection that would make it posible to upload scripts, even if you were not completly sure they were safe.
tor, 08 06 2006 kl. 17:30 -0400, skrev tedd: > At 10:37 PM +0200 6/8/06, Mathias Bundgaard Svesson wrote: > >Restrict them not to overwrite other modules or overwrite the CMS > >itself. Each module should have it's own directory, and it shouldn't be > >allowed to change anything outside it. > > > >tor, 08 06 2006 kl. 21:49 +1000, skrev chris smith: > >> On 6/8/06, Mathias Bundgaard Svesson <[EMAIL PROTECTED]> wrote: > >> > Hi! > >> > I'm trying to create a CMS where it should be posible to upload script > >> > modules. Those modules should mostly be made by myself, but it is > >> > posible for others to create scripts too. My question is, is it posible > >> > to restrict the modules to their own directory so they don't overwrite > > > > some of the other modules or the CMS itself? > > Mathias: > > Well then, how about this? > > You can create a "uniquely" named id by using: > > $unique_id = md5(uniqid(microtime(), true)); > > and then use that name as a folder for each person submitting scripts OR use > the unique id as a suffix for their cms file. Either way, it should stop > persons from overwriting cms files. > > I would also suggest that you keep track of these id's in a dB. If you are > still concerned about two people having the same unique, then you could > search the dB to see if the recently created id exist. If it does, then > generate another one. > > I use a similar method for making sure that the images I upload have unique > names. > > hth's > > tedd > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
