I'm using XAMPP on Windows 8.1.
I've this in apache config:
DocumentRoot "C:\Users\David\Dropbox\Programming\PHP"
<Directory "C:\Users\David\Dropbox\Programming\PHP">
VHosts:
<VirtualHost *:80>
ServerName http://spedice
DocumentRoot "C:\Users\David\Dropbox\Programming\PHP\Projects_Kuba\Spedice\SczCMS\www"
</VirtualHost>
<VirtualHost *:80>
ServerName http://domaciucetnictvi
DocumentRoot "C:\Users\David\Dropbox\Programming\PHP\Projects_Kuba\DomaciUcetnictvi\www"
</VirtualHost>
But if I try accessing root directory - C or accessing some folder like C:\Program Files etc. It normally works. How can I disable going outside of this folder: C:\Users\David\Dropbox\Programming\PHP?
Fxp:
script.php
<?php
mkdir('../../../../../../folder');
?>
Placed in: C:\Users\David\Dropbox\Programming\PHP\Projects_Kuba\DomaciUcetnictvi\www
Called like: http://domaciucetnictvi/script.php
Thanks!
Try to modify the open_basedir settings in your PHP config (just see Runtime Configuration for further information). This will prevent PHP from accessing directories outside of the definded basedir(s).
---EDIT---
To be a bit more conclusive. You can set open_basedir in your Apache configuration file, php.ini, or in a .htaccess file.
In php.ini, you can do this for example by adding:
open_basedir = "/path/to/first/folder:/path/to/second/folder"
In .htacces you can do it with:
php_flag open_basedir "/path/to/first/folder"
In your Apache config try:
<Directory /docroot1>
php_admin_value open_basedir /path/to/first/folder
</Directory>
<Directory /docroot2>
php_admin_value open_basedir /path/to/second/folder
</Directory>