Maybe creating an php.ini option like "disable_ini" where the admin can list
the ini options that can be or cannot be set by users. Of course certain
options like "child_terminate" should be disabled by default.
Btw the "child_terminate" which allows the user to kill the current apache
child is
Right, but it would seem like we need a bit of a general purpose check on
ini_set() from userspace. There are probably other directives that we may
not want to allow or at least want to check from safe_mode. But yes,
that's the code I was looking at. I think we should apply the safe-mode
restri
We can check it at the ini handler level.
We can either forbid modifying error_log from userspace (denying
PHP_INI_USER), deny it only in safe mode, or even apply the safe mode
restriction at that level.
At 00:25 13/05/2002, Rasmus Lerdorf wrote:
>Not quite sure how to fix this one. It's not
