> None in this case, but that has nothing to do with the problem. That is > obviously a bug. Did you submit it?
Bug Report #17155 :) >The fact is that the problem cannot be > solved purely by UNIX-level permissions. Things like safe-mode or > open_basedir are needed. > > And the ISP that is on the ball will add disable_functions = show_source > to their php.ini after reading this message. Heh, I am certain that most ISPs admins are not subscribed to the development list of every software they are running, monitoring such lists would be near impossible due to large cumulative volume of email. I am sure some IPSs will do exactly what you suggest and disable the function, but what about the next function which bypasses safe_mode etc...? Eventually, they'd need to disable every file system function. Btw here is yet another thing against which safemode does not protect. while(1) fopen(rand(), "w"); After a few seconds depending on system speed system will run out of file pointers. I am sure you can see how that would be BAD. Ilia -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
