In Kohana’s core class, there is a constant FILE_SECURITY . string(60) <?php defined(‘SYSPATH’) or

Question

0

Asked: May 18, 20262026-05-18T04:02:59+00:00 2026-05-18T04:02:59+00:00

In Kohana’s core class, there is a constant FILE_SECURITY . string(60) <?php defined(‘SYSPATH’) or

0

In Kohana’s core class, there is a constant FILE_SECURITY.

string(60) "<?php defined('SYSPATH') or die('No direct script access.');"

Now obviously if you place this at the start of your files, and if it is accessed outside of the Kohana environment, it will die().

But what is the purpose of this constant? We can’t eval() it because it has a leading <?php.

Does Kohana create PHP files somewhere and uses it to prepend it to the start of the file?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-18T04:03:00+00:00

Editorial Team

2026-05-18T04:03:00+00:00Added an answer on May 18, 2026 at 4:03 am

The Kohana_Log_File::write function uses the constant:

// Set the name of the log file
$filename = $directory.date('d').EXT;

if ( ! file_exists($filename))
{
    // Create the log file
    file_put_contents($filename, Kohana::FILE_SECURITY.' ?>'.PHP_EOL);

    // Allow anyone to write to log files
    chmod($filename, 0666);
}

Looks like it’s inserted into a log to stop it from being read from a public URL.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

In Kohana’s core class, there is a constant FILE_SECURITY . string(60) <?php defined(‘SYSPATH’) or

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply