Hello, On 10/13/06, Gregory Beaver <[EMAIL PROTECTED]> wrote:
Tim Starling wrote: > Pierre wrote: >> There is no issue with PEAR or any applications using include_path and >> relative paths in include/require. The system include_path, if any, >> paths should already be in the open_basedir. If they are not, you >> have to install the desired modules within your open_basedir, just >> like now. > > The application I'm interested in is where there is no system > open_basedir, and the application wishes to lock down the environment. > So we could do: > > ini_set('open_basedir', ini_get('include_path') . PATH_SEPARATOR . > dirname(__FILE__)); > > But that still allows the application to access every path that the > system administrator has, at a whim, included in include_path. It's not > maximally restrictive, really we only need dirname(__FILE__) and > wherever PEAR is. > > We could do: > $pear = trim(`pear config-get php_dir`); > ini_set('open_basedir', $pear . PATH_SEPARATOR . dirname(__FILE__); > > But of course, that's not very portable. What I'm hinting at is that it > might be kind of nice if PHP knew where PEAR was, and provided it say > via $_SERVER. It might save a bit of mucking around.Hi Tim, This is a bit more PEAR-related, please follow up to pear-dev with any further questions. The code you're looking for is: require_once 'PEAR/Config.php'; $c = PEAR_Config::singleton(); // assuming PHP 5, add & if PHP 4 ini_set('open_basedir', $c->get('php_dir') . PATH_SEPARATOR . dirname(__FILE__));
These values do not change during the application lifetime. Dynamic tests and decisions are ugly when what you test never change. I would suggest to do it only during the installation stage. --Pierre -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
