Hi, Just got home from a month in South America and is trying to catch up on old posts...
On Sat, 18 Feb 2006 17:02:32 -0800, in php.internals [EMAIL PROTECTED] (Andi Gutmans) wrote: >I'm nuking safe_mode and I found something odd. In streams, >php_plain_files_unlink() only checks php_check_open_basedir() when >ENFORCE_SAFE_MODE is flagged. I was planning on nuking >ENFORCE_SAFE_MODE completely. Is this a bug? Or should I rename >ENFORCE_SAFE_MODE to ENFORCE_OPEN_BASEDIR? Rasmus mentions in <[EMAIL PROTECTED]> / http://news.php.net/php.internals/20417 that it might be a good idea unwrapping the safe_mode_exec_dir check from the uid matching. The trouble about "safe mode" seems mainly to be the expression (based on the notes in http://www.php.net/~derick/meeting-notes.html#safe-mode ) and the spurious UID checks. In the same old thread it didn't seem like there was a consensus or best practice regarding the exec functions. Some recommended using disabled_functions, but this would just be asking people to "remake" and maintain their own list of functions that safe_mode (under any other name) would have disabled for them. Would the feature of safe_mode_exec_dir in any kind of name be preserved, as recommended by Rasmus? This might be the exact time to "remind us later". -- - Peter Brodersen -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
