At 12:13 AM 7/11/2001 +0200, Jeroen van Wolffelaar wrote:
> > - Right now this also effects things like opening php.ini. It'll now
>always
> > check in the current working directory for php.ini. I think this
>doesn't
> > screw up todays behavior.
>
>Isn't this a huge security risk? When there is something wrong so that
>php.ini can't get read where it should, it will maybe read the user's
>one?
Can you check it and come up with a conclusive answer if it's a problem. I
don't have time now.
>I assume it will at least first check for php.ini where it should be?
Yes, it'll first check the real place.
>By the way, when doing something like include("../init.php"), your
>script will get broken when a init.php is added somewhere...
>it doesn't make it very transparently.
In what respect?
The reason why I want people to check the patch and think about it is so
that we can remove it ASAP if people feel it does more harm than good.
Andi
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
