On Mon, 18 Nov 2002, Edin Kadribasic wrote: > On Sun, 17 Nov 2002, Rasmus Lerdorf wrote: > > > I don't have the energy to do a cvs check, but I remember adding this > > restriction years ago (php2 days) and then removing it (by commenting out > > the check) ages ago as well. I'm not sure PHP4 ever had this check turned > > on (the commented out check was ported to php4), so the documentation has > > not reflected reality in a very long time. > > I agree that this change is going to break a lot of code. Some of it is my > own :) > > I suggest that we always populate $PHP_AUTH_USER since that one has no > security consequences and the information is awailable elsewhere > ($_SERVER['REMOTE_USER']). $PHP_AUTH_PW should be set when there are no > safe_mode/open_basedir restrctions in effects. > > Would this solution be satisfactory to everyone?
Perfectly fine with me. Derick -- --------------------------------------------------------------------------- Derick Rethans http://derickrethans.nl/ JDI Media Solutions --------------[ if you hold a unix shell to your ear, do you hear the c? ]- -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
