When in "safe mode" shouldn't PHP check to see if the directory that is about to be opened with a opendir() function has the same UID as the PHP script itself, and fail if the UIDs do not match? Because in PHP 4.0.6 with safe_mode "on", a PHP script owned by "fred" can open any directory owned by any other UID, so long as the directory is under the "open_basedir". This does not seem right to me, as it allows a user in safe_mode to browse all the files on the entire webserver, looking for things he might be able to peek at with a web browser. Please advise whether this should be a bug report. A. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
