ID: 14071 Comment by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Feature/Change Request Operating System: Linux/FreeBSD PHP Version: 4.0.6 New Comment:
Guess I'm the only one who'd like this behaviour :) Previous Comments: ------------------------------------------------------------------------ [2001-11-15 13:12:05] [EMAIL PROTECTED] The problem I ran into while using PHP as CGI-binary under for example Apache instead of mod_php, is that you can't simply allow restrictive overrides of certain values. If you for example put a 'php.ini' file in a directory, PHP will read that file...completely ignoring the /usr/local/lib/php.ini Let's say we have a malicious user who wants to upload files of 100MB, he could simply do that by allowing this in his 'own' php.ini (post_max_size). I don't think this is a wanted situation. The restriction I'm using now (thanks to Mathieu), is by an edited php_ini.c that reads only the php.ini from PHP_CONFIG_FILE_PATH. Why not using the same guidelines as with the ini_set() function ? Or an option in the 'default' .ini, to turn this behaviour on...:)) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=14071&edit=1
