Hi,

I have the following in php.ini:

safe_mode = 1
safe_mode_exec_dir = "D://TEST"

This way I can execute files located in TEST.

However, running the following code bypasses that directory and runs
stuff from other locations:

$runCommand = "C:\\WINDOWS\\system32\\shutdown.exe -t:30";
$WshShell = new COM("WScript.Shell");
$output = $WshShell->Exec($runCommand)->StdOut->ReadAll;

How do I prevent people from executing ANYTHING unless it is located
in safe_mode_exec_dir?

Thanks in advance.