#43822 [Com]: Allow ini_set('include_path', ??) even when php_admin_value include_path is set

Fri, 20 Mar 2009 06:13:23 -0700 

 ID:               43822
 Comment by:       derernst at gmx dot ch
 Reported By:      birne at 007mail dot de
 Status:           Open
 Bug Type:         Feature/Change Request
 Operating System: Ubuntu Linux 7.10
 PHP Version:      5.2.5
 New Comment:

Using set_include_path() instead of ini_set('include_path') does not
seem to make a difference.

I consider this change, that disables setting the include_path at
runtime, a severe backwards compatibility break. For example it can make
an application that relies on a manual PEAR installation unuseable. This
is a problem specially in shared hosting environments, where you usually
can't control the server configuration.


Previous Comments:
------------------------------------------------------------------------

[2008-01-11 21:59:31] [email protected]

I think you can use set_include_path() for this:
http://no.php.net/manual/en/function.set-include-path.php

------------------------------------------------------------------------

[2008-01-11 20:55:42] birne at 007mail dot de

Description:
------------
After the patch for #41561 was applied, ini_set() could no longer
overwrite any configuration value that was previously defined using
php_admin_*. 

In #43598 sniper wrote: php_admin_* is supposed to make any such option
unusable by anybody in any script. And it's meant for hosting
companies.

I agree, that in a hosting environment no customer should be able to
overwrite configuration like open_basedir. But there is no harm in
allowing the customer to change include_path; on the contrary is it of
great use for the customer to add his own libraries.

Before the #41561 patch was applied, this was already possible for
years and that was no bug, because overwriting open_basedir was not
possible at all.

I suggest to define another "Changeable" scope (see
http://php.net/manual/en/ini.php) for configuration values like
"PHP_INI_OVERWRITEABLE" wich behaves like "PHP_INI_ALL" but in addition
to that can be overwritten using ini_set() even when previously defined
using php_admin_*. The inlude_path would be one of the new
PHP_INI_OVERWRITEABLE directives, additional harmless ones must be
defined.

Please make sure to properly document that change - the new behavior of
the patch for #41561 is still not documented anywhere (or I did not find
it..)



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=43822&edit=1

Reply via email to