ID: 31618 Updated by: tony2...@php.net Reported By: kpederson at mail dot ewu dot edu -Status: Assigned +Status: Suspended Bug Type: Feature/Change Request Operating System: redhat enterprise PHP Version: 5CVS-2005-03-14 Assigned To: tony2001
Previous Comments: ------------------------------------------------------------------------ [2007-02-25 19:10:06] nobody at bugs dot php dot net Until an is_includible() is added, it's possible to check a file exists using realpath() even with safe mode enabled which allows Smarty to at least see and include() its own plugins. ------------------------------------------------------------------------ [2006-06-19 21:03:34] kpederson at mail dot ewu dot edu open_basedir does not do what I need it to do. The functionality and setup that I need: 1) I have many users per host, each with their own group hierarchy. 2) Each user cannot access any other users data, unless they are in the same group. Thus, I have user and group permissions that need to be managed. 3) I have common scripts that everyone needs to access (smarty templates and wrappers). Because of #1 and #2, I need safe mode with GID checking. Because of #3, I need to have a directory that *everyone* can include and read from -- safe_mode_include_dir is not sufficient because it doesn't allow the users to read the templates, only include them and smarty (smarty.php.net) needs the ability to read them in order for them to work. open_basedir is great for restricting reads between hosts. I could set it to /path/to/host/;/path/to/templates/ and then users would only be able to access files within their host and the templates, but it still doesn't solve the problem at hand. ------------------------------------------------------------------------ [2006-06-19 20:07:02] yanstiac at yahoo dot com Just need to read a bit =) Nstiac http://www.php.net/manual/en/features.safe-mode.php#ini.sect.safe-mode ------------------------------------------------------------------------ [2006-06-19 20:02:59] yanstiac at yahoo dot com Guys... that is what open_basedir is actually for. Cheers, Nstiac ------------------------------------------------------------------------ [2006-05-29 06:45:23] parktrip at gmail dot com Could someone tell me what will happened to this report ? is this supposed to be solved in a future version of PHP ? I have the same problem with smarty in a commercial application. Is there another way to make it work with safe_mode on ? Thanks a lot. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/31618 -- Edit this bug report at http://bugs.php.net/?id=31618&edit=1
