Hi again,
I believe it should disallow openning a directory in safe mode if the UID
of the directory does not match the UID of the PHP script.
That is exactly the behavior of fopen() in safe mode.
Without that behavior, users are permitted to write a PHP script that lets
them crawl around the
But where user "fred" can opendir() a directory owned by user "mary"
(underneath the open_basedir), that action doesn't even pass a UID check
if the UIDs are supposed to match in safe mode in order for the action to
be allowed.
How would an optional GID check help?
A.
> > When in "safe mode"
When in "safe mode" shouldn't PHP check to see if the directory that is
about to be opened with a opendir() function has the same UID as the PHP
script itself, and fail if the UIDs do not match?
Because in PHP 4.0.6 with safe_mode "on", a PHP script owned by "fred" can
open any directory owned
Why does PHP give a parse error if you do:
echo array_keys($arr)[0];
It makes you assign the result of the function to a var first like this:
$arr = array_keys($arr);
echo $arr[0];
I just want to grab the 1st element of the array. Why does it make you do
it in 2 lines instea
4 matches
Mail list logo