ID: 21310 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Feedback +Status: Open Bug Type: *Directory/Filesystem functions Operating System: Solaris 8 PHP Version: 4.3.0 New Comment:
phpinfo(): .:/usr/local/lib/php php.ini: include_path = ".:/usr/local/lib/php" Previous Comments: ------------------------------------------------------------------------ [2003-01-15 03:18:37] [EMAIL PROTECTED] What does phpinfo() output for include_path? What is include_path set to in your php.ini file? ------------------------------------------------------------------------ [2003-01-10 08:18:46] [EMAIL PROTECTED] I also think it is a bugg. On ours servers all directories have only eXecute access to other. Give read access to other on all level is realy a problem. Cordialy. ------------------------------------------------------------------------ [2003-01-06 12:02:18] [EMAIL PROTECTED] yes, same thing for me. if HTTP server has permission to read all directories in path to the file, all users can read directories of other user and it's really not secure ... ------------------------------------------------------------------------ [2003-01-05 16:59:45] [EMAIL PROTECTED] In my humble opinion it is a bug, because: 1. Previous version of PHP (4.0) could read file without full path, even if PHP couldnt read "." or higher directory. 2. PHP reads several directories (why?) when includes each file without full path. 2. There is no technical reason to give PHP access to read all directories from "/" to directories with PHP scripts. ------------------------------------------------------------------------ [2003-01-05 16:41:43] [EMAIL PROTECTED] Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/21310 -- Edit this bug report at http://bugs.php.net/?id=21310&edit=1
