6 Filesystem Access: Accessing the Filesystem for Fun and Profit
Sometimes you just can’t avoid dealing directly with the filesystem. Files have to be opened, created, modified, and deleted. In this chapter, we discuss how to go about these tasks without opening up your application to every script kiddie with a couple of hours to kill.
Opening Files
There are two types of files an application can open in PHP:
• Local files
• Remote files
Both carry some risk, but opening local files is generally safer, so we’ll start there. Opening a local file is just like any other system call; as long as you’re careful to verify what you’re opening and don’t allow access to anything but what you intend, you’ll be all right. ...
Get Securing PHP Web Applications now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.