// X-Content-Type-Options: nosniff tells the browser to trust the Content-Type declared by the server
// and not to guess another type from the response body (MIME sniffing).
header('X-Content-Type-Options: nosniff');
// X-Frame-Options: SAMEORIGIN lets only pages of the same origin embed this page in a frame.
// This is a clickjacking (UI redress) defence; it does not filter or block script injection.
header('X-Frame-Options: SAMEORIGIN');
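// Sandbox check 1: try to read a file under /tmp as the web server process.
// The banner below lists the conditions under which the read is expected to succeed
// (file ownership, systemd PrivateTmp, AppArmor rules).
print "*** TEST READ OF /tmp/test.txt FILE (Example: if file exists and owned by apache process owner + PrivateTmp is false + apparmor rules allows read of owned files in /tmp/, then you should see the file)<br>\n";

// Output buffer and exit status filled by the exec() call of the next check.
$out = '';
$ret = 0;

$file = '/tmp/test.txt';
$f = fopen($file, 'r');
if ($f) {
	// Only the first 4096 bytes are read; that is enough to prove the read is possible.
	$s = fread($f, 4096);
	fclose($f);
	if ($s !== false) {
		// The file content is not controlled by this script (/tmp is usually writable by any local
		// account) and the page emits HTML markup, so escape it instead of echoing it raw.
		print htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	}
} else {
	print "Failed to open file ".$file."<br>\n";
}

print '<br><br>'."\n";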
// Sandbox check 2: try to read a file at the filesystem root and list /dev/std* from a child process.
echo "*** TEST READ OF /test.txt FILE AND LS /dev/std*<br>\n";

// The command line is a fixed literal: no request data is interpolated into it.
// exec() runs it through the shell, collects the output lines in $out and the exit status in $ret.
exec('cat /test.txt; ls /dev/std*; sleep 1;', $out, $ret);