> At the time CLI was introduced I argued to remove . from php.ini > search path, but that was not accepted because some people > apparently use this feature for having different configurations for > different virtual hosts. > > Therefore . was removed only from CLI's php.ini search path.
This feature looks somewhat evil since it enables users to bypass the safe mode restrictions enforced by the administrator, or am I missing something? Anyway, the following patch should make sense for #20887? Moriyoshi Index: main/php_ini.c =================================================================== RCS file: /repository/php4/main/php_ini.c,v retrieving revision 1.106 diff -u -r1.106 php_ini.c --- main/php_ini.c 12 Nov 2002 20:56:47 -0000 1.106 +++ main/php_ini.c 12 Dec 2002 11:22:17 -0000 @@ -272,7 +272,8 @@ /* Add cwd */ #ifdef INI_CHECK_CWD - if (strcmp(sapi_module.name, "cli")!=0) { + if (strcmp(sapi_module.name, "cgi")==0 + || strcmp(sapi_module.name, "cgi-fcgi")==0) { if (*php_ini_search_path) { strcat(php_ini_search_path, paths_separator); } -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php