On Tue, 2001-12-11 at 11:29, Zeev Suraski wrote:
> Would the cwd of the PHP CGI be inside the user's dir?  Did you test it in 
> a real CGI environment?
> 
> Zeev

Err, PHP CGI would be in /usr/local/bin/php..
'Wouter' tells me he has tested it in a real CGI environment.

> 
> At 12:23 11/12/2001, Mathieu Kooiman wrote:
> >There's a problem with PHP cgi binaries:
> >
> ><CaPS_> (was a CVS, so..)
> ><CaPS_> which reminds me
> ><CaPS_> remember my ranting about php.ini derick?
> ><CaPS_> (it opens ./php.ini, config_file_path/php.ini, checks PHPRC environment)
> ><CaPS_> in that order
> ><CaPS_> I got some 'friends' who work at hosters
> ><CaPS_> and they don't like that
> ><CaPS_> cos, ./php.ini will enable users to override safe mode
> ><CaPS_> made a lill patch for him so it wouldn't
> ><CaPS_> but, isn't it an idea to add --restrictive-hosting or something that'll ''activate'' that patch ?
> ><CaPS_> (limit php.ini to be in config-file-path)
> ><OpenSrc> yes
> ><OpenSrc> no switch
> ><OpenSrc> just reverse it :)
> ><CaPS_> que
> ><CaPS_> ?
> ><OpenSrc> change the order
> ><OpenSrc> let the MAIN php.ini override values in PHPRC/php.ini
> ><CaPS_> it doesn't sequentially parse them
> ><CaPS_> but one
> ><OpenSrc> oh
> ><OpenSrc> then that need to be fixed :)
> ><CaPS_> either ./php.ini, php.ini or PHPRC
> ><OpenSrc> write it to php-dev
> >
> >It allows users to set their own options in a ./php.ini, as in
> >override user_dir, open_basedir and safe_mode.
> >
> >My default php.ini has error_reporting set to E_ALL:
> >
> >test.php:
> >
> ><?php
> >echo $test;
> >?>
> >
> >php.ini-ex:
> >error_reporting = E_ALL & ~E_NOTICE
> >
> >caps@anaina:~/php-4.1.0$ ./php -q test.php
> >PHP Warning: undefined variable: test in /home/caps/php-4.1.0/test.php on line 3
> >
> >caps@anaina:~/php-4.1.0$ mv php.ini-ex php.ini
> >caps@anaina:~/php-4.1.0$ ./php -q test.php
> >caps@anaina:~/php-4.1.0$
> >
> >This was reported and discussed (on IRC) first on Nov 15
> >(http://bugs.php.net/bug.php?id=14071), granted.. filed incorrectly.
> >
> >I'd say this is quite serious when you're a hoster who only allows PHP
> >in CGI mode.
> >
> >Wouter de Jong is the one who actually discovered this.
> >
> >--
> >Mathieu 'CaPS_' Kooiman <[EMAIL PROTECTED]>
> >MAP Internet Services
> >
> >--
> >PHP Development Mailing List <http://www.php.net/>
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >To contact the list administrators, e-mail: [EMAIL PROTECTED]
> 
> 



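
A check a hoster could run given the lookup order described in the thread (./php.ini is read first, and only one file is parsed), as an added example that is not part of the original messages. The function names `audit_local_ini` and `demo`, the directive list (the three named in the report) and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: list per-directory php.ini files that
# set directives the hoster expects to control from the main php.ini.
# Assumption: the directive list is the three named in the report.
RESTRICTED='safe_mode|open_basedir|user_dir'

# audit_local_ini ROOT
# Prints "file: directive = value" for each restricted directive set in any
# php.ini below ROOT. Returns 0 when something was found, 1 otherwise.
audit_local_ini() {
    out=$(find "$1" -type f -name php.ini -exec awk \
        -v re="^[ \t]*($RESTRICTED)[ \t]*=" '
        /^[ \t]*;/ { next }              # commented-out line, not active
        $0 ~ re {
            line = $0
            sub(/^[ \t]+/, "", line)     # trim leading whitespace
            print FILENAME ": " line
        }' {} + | sort)
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# demo: build a constructed tree of two user docroots and audit it.
# Prints findings with the temporary root stripped from each path.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/alice/www" "$tmp/bob/www"
    printf '; local override\nsafe_mode = Off\n' > "$tmp/alice/www/php.ini"
    printf 'error_reporting = E_ALL & ~E_NOTICE\n;open_basedir = /\n' \
        > "$tmp/bob/www/php.ini"
    audit_local_ini "$tmp" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

A local php.ini that only changes error_reporting, like the one in the report, is not flagged by this list even though it still replaces the main file entirely; add directives to `RESTRICTED` to widen the check.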
