Originally Posted by falko
Yes. Something like this should work:
php_admin_flag safe_mode On
php_admin_value open_basedir /var/www/web1/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /var/www/web1/phptmp/
php_admin_value session.save_path /var/www/web1/phptmp/
Of course, you must adjust the paths.
That worked well.
Glad to have that security flaw fixed up, now I can rest easy knowing users my servers can't read/view anything they aren't allowed to!