I have a few questions about correctly implementing safe_mode, open_basedir
and allow_url checks within an extension.
Probably an easy question, but I have seen it implemented in various ways in
different extensions and want to make sure i implement this correctly.
allow_url checks:
is there a standard function which produces an error if not allowed, or
do I just handle this within the extension after testing with
PG(allow_url_fopen)?
safe_mode:
this is done by testing both php_check_safe_mode_include_dir and
php_checkuid if safe_mode is enabled, correct?
open_basedir:
this is just done with php_check_open_basedir?
Is there any precedence of the safe_mode and open_basedir checks or does it
need to pass both checks?
Are there any other checks i am missing to implement filesystem security
within an extension?
Thanks,
Rob
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
