At 12:13 AM 7/11/2001 +0200, Jeroen van Wolffelaar wrote:
> >   - Right now this also effects things like opening php.ini. It'll now
> >     check in the current working directory for php.ini. I think this
> >     screw up todays behavior.
>Isn't this a huge security risk? When there is something wrong so that
>php.ini can't get read where it should, it will maybe read the user's

Can you check it and come up with a conclusive answer if it's a problem. I 
don't have time now.

>I assume it will at least first check for php.ini where it should be?

Yes, it'll first check the real place.

>By the way, when doing something like include("../init.php"), your
>script will get broken when a init.php is added somewhere...
>it doesn't make it very transparently.

In what respect?
The reason why I want people to check the patch and think about it is so 
that we can remove it ASAP if people feel it does more harm than good.


PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to