ID: 9000
Updated by: david
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Closed
Bug Type: *Configuration Issues
Assigned To:
Comments:
safe_mode disables ``
safe_mode_exec_dir specifies a base directory for executables
disable_functions allows you to turn disable certain functions completely
Previous Comments:
---------------------------------------------------------------------------
[2001-01-30 07:47:01] [EMAIL PROTECTED]
Even with open_basedir . configured in php.ini, the following bypasses it with
concerning ease:
echo `cat /etc/passwd`;
The fact that open_basedir is in force is obvious when we try fopen ("/etc/passwd",
"r"), etc - ie, the expected open_basedir error pops up.
Surely this is not a bug? If so, is there a way to disable backticks?
I'll wait for some kind of response before I send this to the usual support mailing
lists.
---------------------------------------------------------------------------
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9000&edit=2
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
