Usually, I try to set my folders to have permission 775, but some web hosts refuse to let PHP write or move files to any folder unless it has permission 777 (it may be open_dir or safe mode).
Are there any ways to prevent any PHP files from being run from such folders, in case a malicious PHP script has been uploaded there?
...
First of all, I would like to say that I have used the search box looking for a similar question and was unsuccessful, maybe because of my poor English skills.
I have a 'homemade' framework. I have certain PHP files that must only be visible to the admin. The way I currently do this is to check within every single page to see if a sessi...
Hi,
How do I do PHP security checks for user input fields and user input treatment (please, if you can, solve example 1 + 2)?
Example 1: check if the user inserted a URL or something else:
<label>url: </label>
<input type="text">
Example 2: check if the user inserted HTML or something else:
<label>paste html: </label>
<textarea></textarea>
thanks
...
Why is it not secure to allow access to resources with URIs like "http://example.com/badcode.txt"?
What does non-file-based mean?
I'm reading this PHP security checklist:
http://www.sk89q.com/2009/08/definitive-php-security-checklist/
thx
^_^
...
I use this configuration:
$config = HTMLPurifier_Config::createDefault();
$config->set('Core.Encoding', 'UTF-8');
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');
$config->set('HTML.SafeObject', true);
$config->set('Output.FlashCompat', true);
$config->set('HTML.Allowed', 'object[width|height|data],param[name|value],embed[src|type|allo...
Is there any way to limit PHP's unserialize() to only parse arrays?
For security reasons. Suppose there is an evil __unserialize() magic method in the unserialized object that I don't want to call!
...