On Thu, Aug 28, 2008 at 1:59 AM, Stanislav Malyshev <[EMAIL PROTECTED]> wrote: > Hi! > >> ext/sessions/mod_files.c:281 has a hardcoded openbasedir-check >> skipping of "/tmp" path for storing session-files, if >> sessions.save_path is not manually set. > > I would think the idea was to make it easier on inexperienced users. Since > default AFAIK is /tmp, and it is highly unlikely that somebody would need to > hide /tmp from the users, it makes more scenarios to work out of the box. > >> Anyway, this looks like something done wrong from the beginning. >> Shouldn't "/tmp" be explicitly added to open_basedir list? Why should >> it have any special meaning? >> I propose to remove special treatment of "/tmp" (should be mentioned >> in upgrade-docs) > > Is there any problem that this treatment is causing? I.e. on Mac the default > is different, but that's not a problem of this treatment - it's rather > missing special treatment of /var/tmp on mac, I'd say :) So Mac users don't > get this boon, but is it the reason to remove it form other users?
The proper way is to explicitly specify "/tmp" in open_basedir, and, actually, there is quite a common practice of doing so. This "feature" we have was never documented. It was introduced in 5.2.2, so it wasn't there "forever" -- Alexey Zakhlestin http://blog.milkfarmsoft.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
