Tim Starling wrote:
Pierre wrote:
There is no issue with PEAR or any applications using include_path and
relative paths in include/require. The system include_path, if any,
paths should already be in the open_basedir. If they are not, you
have to install the desired modules within your open_basedir, just
like now.
The application I'm interested in is where there is no system
open_basedir, and the application wishes to lock down the environment.
So we could do:
ini_set('open_basedir', ini_get('include_path') . PATH_SEPARATOR .
dirname(__FILE__));
But that still allows the application to access every path that the
system administrator has, at a whim, included in include_path. It's not
maximally restrictive, really we only need dirname(__FILE__) and
wherever PEAR is.
We could do:
$pear = trim(`pear config-get php_dir`);
ini_set('open_basedir', $pear . PATH_SEPARATOR . dirname(__FILE__);
But of course, that's not very portable. What I'm hinting at is that it
might be kind of nice if PHP knew where PEAR was, and provided it say
via $_SERVER. It might save a bit of mucking around.
Hi Tim,
This is a bit more PEAR-related, please follow up to pear-dev with any
further questions. The code you're looking for is:
require_once 'PEAR/Config.php';
$c = PEAR_Config::singleton(); // assuming PHP 5, add & if PHP 4
ini_set('open_basedir', $c->get('php_dir') . PATH_SEPARATOR .
dirname(__FILE__));
Greg
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
