With all kind respect to Richard Buskirk and Daniel Brown (thank you for 
responding), their replies did not actually answer my question.

My question is: What module or php.ini setting would render inoperative a 
directory traversal of X parents?

My original post follows.

The following works (three parents):
include("../../../includes/ini.inc.php");
require_once("../../../includes/ini.inc.php");

The following works (four parents):
include("../../../../includes/ini.inc.php");

The following does not work (four parents):
require_once("../../../../includes/ini.inc.php");

That is, require_once() with four parents has been reported to have been 
disabled for security purposes. But apparently, not disabled is include() with 
four parents.

The device or setting which is causing the problem is not known to me. It may 
be just the four parents (and include() is getting the data from this file 
elsewhere) or it may be the combination.

It has been reported this is not a limit within open_basedir. So, what is it? 
What module or php.ini setting would have this effect?

Thank you.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to