 |
 |
 |
 |
|
|
Date: 07/11/01
- Next message: jungle <email protected>: "[PHP-DEV] Bug #12034: A type-error and a coding-error."
- Previous message: Paul Marquis: "Re: [PHP-DEV] ext/dom/php_domxml.c patch"
- In reply to: Jeroen van Wolffelaar: "[PHP-DEV] Re: php4 /main fopen_wrappers.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 12:13 AM 7/11/2001 +0200, Jeroen van Wolffelaar wrote:
> > - Right now this also effects things like opening php.ini. It'll now
>always
> > check in the current working directory for php.ini. I think this
>doesn't
> > screw up todays behavior.
>
>Isn't this a huge security risk? When there is something wrong so that
>php.ini can't get read where it should, it will maybe read the user's
>one?
Can you check it and come up with a conclusive answer if it's a problem. I
don't have time now.
>I assume it will at least first check for php.ini where it should be?
Yes, it'll first check the real place.
>By the way, when doing something like include("../init.php"), your
>script will get broken when a init.php is added somewhere...
>it doesn't make it very transparently.
In what respect?
The reason why I want people to check the patch and think about it is so
that we can remove it ASAP if people feel it does more harm than good.
Andi
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: jungle <email protected>: "[PHP-DEV] Bug #12034: A type-error and a coding-error."
- Previous message: Paul Marquis: "Re: [PHP-DEV] ext/dom/php_domxml.c patch"
- In reply to: Jeroen van Wolffelaar: "[PHP-DEV] Re: php4 /main fopen_wrappers.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]