Thanks for the pointer. As far as I looked over the thread, which is not so long as I expected, I don't feel there is that much need for including CWD in php.ini search path. +1 for removing that feature.
Moriyoshi "Edin Kadribasic" <[EMAIL PROTECTED]> wrote: > No because it was preciselly because of cgi that CWD wasn't removed > from the php.ini search path. Have a look at the following thread: > > http://www.zend.com/lists/php-dev/200202/msg01325.html > > Edin > > ----- Original Message ----- > From: "Moriyoshi Koizumi" <[EMAIL PROTECTED]> > To: "Edin Kadribasic" <[EMAIL PROTECTED]> > Cc: "Derick Rethans" <[EMAIL PROTECTED]>; "Jani Taskinen" > <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Thursday, December 12, 2002 12:44 PM > Subject: Re: [PHP-DEV] Critical Bug #20887 > > > > > At the time CLI was introduced I argued to remove . from php.ini > > > search path, but that was not accepted because some people > > > apparently use this feature for having different configurations > for > > > different virtual hosts. > > > > > > Therefore . was removed only from CLI's php.ini search path. > > > > This feature looks somewhat evil since it enables users to bypass > the safe > > mode restrictions enforced by the administrator, or am I missing > > something? > > > > Anyway, the following patch should make sense for #20887? > > > > Moriyoshi > > > > Index: main/php_ini.c > > > =================================================================== > > RCS file: /repository/php4/main/php_ini.c,v > > retrieving revision 1.106 > > diff -u -r1.106 php_ini.c > > --- main/php_ini.c 12 Nov 2002 20:56:47 -0000 1.106 > > +++ main/php_ini.c 12 Dec 2002 11:22:17 -0000 > > @@ -272,7 +272,8 @@ > > > > /* Add cwd */ > > #ifdef INI_CHECK_CWD > > - if (strcmp(sapi_module.name, "cli")!=0) { > > + if (strcmp(sapi_module.name, "cgi")==0 > > + || strcmp(sapi_module.name, > "cgi-fcgi")==0) { > > if (*php_ini_search_path) { > > strcat(php_ini_search_path, > paths_separator); > > } > > > > > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
