On 4 Aug 2009, at 04:49, dan...@zoltak.com wrote:
Quoting Scott MacVicar <sc...@macvicar.net>:
1. Is it safe to lookup the DOCUMENT_ROOT in fopen_wrappers. If
not is there an alternative?
Not at the point the function is being executed on a fresh child
start
PHP hasn't always been fully started by the time it's doing the
config
merging. None of the SAPI variables have been imported.
You might be able to use sapi_getenv("DOCUMENT_ROOT",
sizeof("DOCUMENT_ROOT"))
This method dosen't appear to work.
Any chance of a clarification on "doesn't appear to work"? Does it
fail to compile or is it killing unicorns :-)
Another solution is to skip doing you check before the SAPI is
loaded :-)
If we do this then we cannot determine if the error_log is in the
DOCUMENT_ROOT.
This was the vulnerability that we were fixing in the first place and
no doubt the source of the error.
2. Why was this working in PHP 5.2.6 but now broken in 5.2.1x?
Are you sure you were using 5.2.6? We never checked the error_log
value until 5.2.4, it's the first version to have it.
Yes I am positive it was PHP 5.2.6 - It worked with 5.2.4 and 5.2.5
as well. It would be intresting to understand why it worked in these
versions.
Do you know the first version it stopped working? 5.2.7 - 5.2.10 is
about 15 months worth of bug fixes. Narrowing it down to a particular
version would help.
Scott
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
