[PHP-DEV] doc_root solution From: Andi Gutmans (andi <email protected>)
Date: 09/16/00

OK, I am commiting a patch which should fix the doc_root problem.

We do have to fix our documentation because it mislead me and probably others. 

----
doc_root string
PHP's "root directory" on the server. Only used if non-empty. If PHP is 
configured with safe mode, no files outside this directory are served.
----

This should be changed to something like:
doc_root string
         PHP's "root directory" on the server. Only used if non-empty and 
PHP is in CGI  or Java servlet mode." PHP will open the main script 
according to doc_root and  PATH_INFO and not PATH_TRANSLATED.

(Side note: This really has nothing to do with safe mode, safe_mode really 
means that permissions are checked).

In order to limit which files can/can't be open by PHP,open_basedir should 
be used. doc_root just calculates the initial scripts location when the 
main script is opened for CGI. open_basedir checks every file which is 
opened (at least what the scripting engine opens) and makes sure it's not 
outside of the specified directory tree. Again, I'm not sure how well this 
works right now although I have cleaned up the code a lot but there might 
be glitches here and there.
I'm cc'ing Egon so that he can make the documentation changes and Sam Ruby 
to find out why servlets use php_fopen_primary_script(). Are they like CGI's?

I can't commit my patch right now because the CVS is down but I'll do it 
later on when the machine hopefully comes back to life.

Andi
---
Andi Gutmans <andi <email protected>>
http://www.zend.com/

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>