From: Zeev Suraski [mailto:[EMAIL PROTECTED]]
>
> At 15:09 02/05/2002, [EMAIL PROTECTED] wrote:
> > > Ok then, perhaps we should have an .ini setting for it? :)
> >
> >So you want to add an .ini setting where the .ini file could be found?
> >That just doesn't make sense to me :)
>
> That was a joke..
>
> > > The only two options I see, in that case are:
> > >
> > > - Add the binary path to the 3 existing lookup places
> > > - Add a configuration option that would determine whether CWD would be
> > >   used, or the binary path would be used.
> > >
> > > I lean towards option #2 myself...
> >
> >yeah, but it still doesn't make sense :)
>
> It does (configuration option == configure option, not php.ini option)

Tricky :).

I'd suggest the default be to omit CWD from the php.ini search path. This does break the compatibility for sites that use this feature. If a site chooses to look for php.ini this is a security risk. Better for the default to be secure.

If the site is on Unix and uses chroot() before PHP runs, then the security risk may be eliminated. If the site is on Windows and wants to allow customer-hosted PHP scripts on a shared server ... this seems inherently risky in every case.

Eh. Neither argument is especially compelling.

BTW, if you are going to look for php.ini in the current directory then a feature like ASP's global.asa is interesting. Instead of just checking CWD you also check in each parent directory up to the application/web root. Slightly less efficient, but this makes having common settings for an application (in a directory sub-tree on the web) somewhat simpler.
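
Added illustration, not part of the original message and not PHP's own lookup code: a Python sketch of the search order discussed above, with the per-directory lookup off by default and, when enabled, walking from the script directory up to the web root and no further. The function names, the `walk_to_root` switch and the priority order (per-directory files before the fixed locations) are assumptions made for the example.

```python
import os

INI_NAME = "php.ini"

def ini_search_dirs(script_dir, web_root, fixed_dirs, walk_to_root=False):
    """Directories to search for php.ini, in priority order.

    fixed_dirs   -- administrator-controlled locations (always searched)
    walk_to_root -- opt-in: also search script_dir and each parent up to
                    web_root. Off by default, so a php.ini dropped next to
                    a script is ignored unless the operator enables this.
    """
    dirs = []
    if walk_to_root:
        # Resolve symlinks and ".." first, so the containment test below is
        # made on real locations rather than on caller-supplied spellings.
        root = os.path.realpath(web_root)
        cur = os.path.realpath(script_dir)
        if os.path.commonpath([root, cur]) == root:
            while True:
                dirs.append(cur)
                if cur == root:  # never climb above the web root
                    break
                cur = os.path.dirname(cur)
    dirs.extend(d for d in fixed_dirs if d not in dirs)
    return dirs

def find_ini(script_dir, web_root, fixed_dirs, walk_to_root=False):
    """Return the first php.ini found on the search path, or None."""
    for d in ini_search_dirs(script_dir, web_root, fixed_dirs, walk_to_root):
        candidate = os.path.join(d, INI_NAME)
        if os.path.isfile(candidate):
            return candidate
    return None
```

A script directory that resolves outside the web root (through a symlink or `..`) gets no per-directory lookup at all; only the fixed locations are searched.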