> > Sara Golemon wrote: > > The PDM recommendation covering the removal of safe_mode included a > > note on expanding the role of open_basedir. To that end, > I'd like to > > propose introducing a new ini option: > open_basedir_for_include which > > would allow using include/require(_once) on an expanded set of > > directories than what open_basedir would otherwise allow. > > > > Since php_fopen_wrapper_for_zend() specifies > STREAM_OPEN_FOR_INCLUDE, > > we can catch this option in the plain_files wrapper and expand the > > open_basedir check to allow specifying the alternate INI > option (when > > set of course). Obviously if this new option were left > unset and the > > regular open_basedir were set, we'd still use that for full BC. > > > > If noone objects I'll add this functionality in between unicode > > related patches in a week or so. > > Sounds like a good idea to me. A very handy use of > open_basedir that is often overlooked is as a way to protect > you from yourself. That is, you define up front where you > know your application should be reading and writing from and > if you happen to make a mistake in your code it will act as a > safety net. Adding the ability to include files from common > include directories without adding them to the list of real > open_basedir directories makes this more useful.
Any reason why can't set open_basedir programmatically? Obviously to only a subset of the current setting. Jared -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
