how can i make uploading plugin process secure

Question

lets take the word press example now when you want to add new plugin you have to upload the plugin file (php file) in that case, may some one evil know your admin password and go to and upload a plugin but not realy plugin its evil code to hack your site

may we use function like this to check the content , but i know know , may the other plugins contand the same code? or i can dsable some functions in it?

You cannot *reliably* check for "bad" code. Too many ways to obfuscate that, a simple blacklist won't do. — mario, Jan 23 '12 at 18:21

score 2 · Answer 1 · edited May 23 '17 at 12:27

2

By allowing someone to run their code in your project, some level of trust must be given.

What you're asking is already answered here: PHP: How To Disable Dangerous Functions

edited May 23 '17 at 12:27

Community

1
1

answered Jan 23 '12 at 18:26

Tobiasberg

36
2

how can i make uploading plugin process secure

1 Answers1