Hi!
ext/sessions/mod_files.c:281 has a hardcoded openbasedir-check skipping of "/tmp" path for storing session-files, if sessions.save_path is not manually set.
I would think the idea was to make it easier on inexperienced users. Since default AFAIK is /tmp, and it is highly unlikely that somebody would need to hide /tmp from the users, it makes more scenarios to work out of the box.
Anyway, this looks like something done wrong from the beginning. Shouldn't "/tmp" be explicitly added to open_basedir list? Why should it have any special meaning? I propose to remove special treatment of "/tmp" (should be mentioned in upgrade-docs)
Is there any problem that this treatment is causing? I.e. on Mac the default is different, but that's not a problem of this treatment - it's rather missing special treatment of /var/tmp on mac, I'd say :) So Mac users don't get this boon, but is it the reason to remove it form other users?
-- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
