Sara Golemon wrote:
The PDM recommendation covering the removal of safe_mode included a note on expanding the role of open_basedir. To that end, I'd like to propose introducing a new ini option: open_basedir_for_include which would allow using include/require(_once) on an expanded set of directories than what open_basedir would otherwise allow.

Since php_fopen_wrapper_for_zend() specifies STREAM_OPEN_FOR_INCLUDE, we can catch this option in the plain_files wrapper and expand the open_basedir check to allow specifying the alternate INI option (when set, of course). Obviously if this new option were left unset and the regular open_basedir were set, we'd still use that for full BC.

If no one objects I'll add this functionality in between unicode related patches in a week or so.

Sounds like a good idea to me. A very handy use of open_basedir that is often overlooked is as a way to protect you from yourself. That is, you define up front where you know your application should be reading and writing from and if you happen to make a mistake in your code it will act as a safety net. Adding the ability to include files from common include directories without adding them to the list of real open_basedir directories makes this more useful.

-Rasmus

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
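
The check proposed above, modelled as an added C example; it is not PHP's source and not code from this thread. The flag constant, the function names and the paths are stand-ins, and it assumes the include list is consulted in addition to open_basedir, only for include-type opens, and only when open_basedir itself is set.

```c
#include <stdio.h>
#include <string.h>

#define MODEL_OPEN_FOR_INCLUDE 0x80 /* stand-in for STREAM_OPEN_FOR_INCLUDE */

/* 1 if path lies inside dir[0..dlen), matched on a directory boundary so
 * that "/srv/app" does not also admit "/srv/app-secrets". */
static int under_dir(const char *path, const char *dir, size_t dlen)
{
    while (dlen > 1 && dir[dlen - 1] == '/') dlen--;  /* drop trailing '/' */
    if (dlen == 1 && dir[0] == '/') return path[0] == '/';
    if (dlen == 0 || strncmp(path, dir, dlen) != 0) return 0;
    return path[dlen] == '\0' || path[dlen] == '/';
}

/* Check path against a ':'-separated directory list; NULL or "" = unset. */
static int in_list(const char *path, const char *list)
{
    while (list && *list) {
        size_t n = strcspn(list, ":");
        if (n && under_dir(path, list, n)) return 1;
        list += n;
        if (*list == ':') list++;
    }
    return 0;
}

/* Hypothetical decision function: plain opens see only open_basedir;
 * include-type opens may additionally use the for_include list. */
int model_open_allowed(const char *path, int options,
                       const char *open_basedir, const char *for_include)
{
    if (!open_basedir || !*open_basedir) return 1;      /* nothing configured */
    /* Model limitation: only absolute paths without ".." are accepted. */
    if (path[0] != '/' || strstr(path, "..")) return 0;
    if (in_list(path, open_basedir)) return 1;
    if ((options & MODEL_OPEN_FOR_INCLUDE) && for_include && *for_include)
        return in_list(path, for_include);
    return 0;                      /* for_include unset: old behaviour (BC) */
}

int main(void)
{
    const char *bd = "/srv/app:/tmp/app", *inc = "/usr/share/php"; /* constructed */
    const char *lib = "/usr/share/php/PEAR.php";
    printf("include lib: %d\n", model_open_allowed(lib, MODEL_OPEN_FOR_INCLUDE, bd, inc));
    printf("fopen lib:   %d\n", model_open_allowed(lib, 0, bd, inc));
    return 0;
}
```

The second call is the safety-net case from the reply: the shared library directory can be included from, but a stray fopen() into it is still refused.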