Is there any apache or php solution which would prevent a php script from including a file or chdir'ing outside of the directory in which it exists? e.g. prevent a php script from "include('../someotherdir/dbpassword.php);" Many [improper? :rolleyes: ] searches here and on Google have turned up nothing useful.
The situation: shared host (no access to server php.ini; .htaccess files are usable). A subdomain/subdirectory will be given to a friend to administer certain php apps for me such as CMS, forums, etc. An ftp account will be given to restrict access only to that directory. S/he will install, administer, do upgrades to the CMS, forums, etc. However, I want to ensure that they can't arbitrarily write their own php script and include or read files outside the assigned directory.
This would be similar to the fact that I cannot include files or chdir outside of the /home/myusername directory, which I understand is a php.ini thing. In this situation, is there an equivalent .htaccess php_flag or php_value or other directive that would restrict the base directory? 😕
Or is the only solution to always do the installs/upgrades myself? 🙁
