Hi,
On Sat, 26 Nov 2005 11:57:45 -0500, in php.internals
[EMAIL PROTECTED] (Daniel Convissor) wrote:
>If you have some suggestions for documentation improvements, make a patch
>against http://cvs.php.net/phpdoc/en/features/safe-mode.xml, post the
>patch on a website somewhere then open a docume
Hi Peter:
On Fri, Nov 25, 2005 at 11:22:32AM +0100, Peter Brodersen wrote:
> I don't think anybody disagrees about this. I'm just curious about
> documenting some recommendations.
If you have some suggestions for documentation improvements, make a patch
against http://cvs.php.net/phpdoc/en/featu
On Fri, 25 Nov 2005 09:39:34 -0800, in php.internals
[EMAIL PROTECTED] (Rasmus Lerdorf) wrote:
>I think that is a pretty good idea actually. It's the uid matching that
>is the problem. Having a way to restrict which commands the exec
>functions can execute is sort of a separate thing that is s
Christopher Kunz wrote:
Peter Brodersen wrote:
Well, safe_mode could prevent someone from doing a
shell_exec("cat /home/otheruser/web/config.php");
open_basedir can't do the same thing.
Even if open_basedir could restrict the location of the called
executable people could still upload a binary t
Hi,
On Thu, 24 Nov 2005 15:55:10 -0800
"Sara Golemon" <[EMAIL PROTECTED]> wrote:
> > Well, safe_mode could prevent someone from doing a
> > shell_exec("cat /home/otheruser/web/config.php");
> > open_basedir can't do the same thing.
> >
> disabled_functions=shell_exec, etc
This is pretty much
Peter Brodersen wrote:
> Well, safe_mode could prevent someone from doing a
> shell_exec("cat /home/otheruser/web/config.php");
> open_basedir can't do the same thing.
>
> Even if open_basedir could restrict the location of the called
> executable people could still upload a binary to their own dir
Hi,
On Thu, 24 Nov 2005 16:23:05 -0800
Andi Gutmans <[EMAIL PROTECTED]> wrote:
> Yep, completely right. We came to the conclusion a long time ago that
> safe_mode isn't safe, and keeping it around is just going to continue
> giving people a false sense of security (and PHP a bad name).
I don't
Hi,
On Thu, 24 Nov 2005 14:12:32 -0800
Rasmus Lerdorf <[EMAIL PROTECTED]> wrote:
> > Well, safe_mode could prevent someone from doing a
> > shell_exec("cat /home/otheruser/web/config.php");
> > open_basedir can't do the same thing.
> We were in a continual losing race against that sort of thing tho
Well, safe_mode could prevent someone from doing a
shell_exec("cat /home/otheruser/web/config.php");
open_basedir can't do the same thing.
disabled_functions=shell_exec, etc
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Yep, completely right. We came to the conclusion a long time ago that
safe_mode isn't safe, and keeping it around is just going to continue
giving people a false sense of security (and PHP a bad name).
Andi
At 02:12 PM 11/24/2005, Rasmus Lerdorf wrote:
Peter Brodersen wrote:
Well, safe_mode
Peter Brodersen wrote:
Well, safe_mode could prevent someone from doing a
shell_exec("cat /home/otheruser/web/config.php");
open_basedir can't do the same thing.
We were in a continual losing race against that sort of thing though.
In pretty much every single release there have been ways to do t
Hi,
On Thu, 24 Nov 2005 09:11:53 -0800
Rasmus Lerdorf <[EMAIL PROTECTED]> wrote:
> > I'm not looking for any near-safe_mode-substitution. I'm more
> > concerned about the deployment of PHP6 at shared hosts.
> These shared hosts really should be using open_basedir. We have
> confused them by hav
Peter Brodersen wrote:
On Tue, 22 Nov 2005 18:57:19 +0100 (CET), in php.internals
[EMAIL PROTECTED] (Derick Rethans) wrote:
On 11 and 12 November a bunch of us had a developers meeting in Paris,
discussing the things we want to do for PHP 6. Partly because of the
Unicode support, but we also d
On Thu, 24 Nov 2005, Jakub Vrana wrote:
4.5 Cleanup for {} vs. []
It was already discussed. Many people would be confused by the
documentation statement "[] was marked as deprecated in 4.0.6 - 5.1
but then suddenly {} was deprecated instead and removed in 6.0" and
many scripts would refuse to wo
On Wednesday 23 November 2005 16:40, Christian Schneider wrote:
> As far as named parameters go: I can live with the decision as we use
> our own patch for that anyway
Christian,
Where are the details on this patch?
Kind Regards,
--
Ian P. Christian ~ http://pookey.co.uk
Marcus,
I agree that we should work together on this, so that we can achieve the
best result possible and to avoid duplicate work. To a certain degree,
we have already worked together on this, when you suggested using the
__autoload mechanism to resolve namespace imports and this is what I
en
Hello Derick,
Tuesday, November 22, 2005, 7:26:56 PM, you wrote:
> On Tue, 22 Nov 2005, Jessie Hernandez wrote:
>> I saw the notes regarding namespaces, and it really surprised me that the
>> namespace patch was not looked at in detail, discarded, and then the approach
>> that was agreed on was _
Hello Jessie,
Tuesday, November 22, 2005, 7:57:47 PM, you wrote:
> Rasmus Lerdorf wrote:
>>
>> The entire meeting was exclusively about PHP 6. We are too far along in
>> the 5.1 process to make any large changes at this point.
>>
> Actually, I did not mean to include it in the current 5.1 ve
Rasmus Lerdorf wrote:
The entire meeting was exclusively about PHP 6. We are too far along in
the 5.1 process to make any large changes at this point.
Actually, I did not mean to include it in the current 5.1 version (as
that's about to be released), but I was hoping for it to make it in
Jessie Hernandez wrote:
The way the sentence was worded at
http://www.php.net/~derick/meeting-notes.html#name-spaces led me to
believe this:
"First we briefly discussed the current name space patch, but as we were
not all familiar with its workings we did not go into deep detail for
this. Th
Hi Rasmus,
The way the sentence was worded at
http://www.php.net/~derick/meeting-notes.html#name-spaces led me to
believe this:
"First we briefly discussed the current name space patch, but as we were
not all familiar with its workings we did not go into deep detail for
this. Then we saw an
Jessie Hernandez wrote:
I saw the notes regarding namespaces, and it really surprised me that the
namespace patch was not looked at in detail, discarded, and then the
approach that was agreed on was _THE EXACT SAME ONE_ that my patch uses.
To add insult to injury, it's mentioned that Marcus was
On Tue, 22 Nov 2005, Jessie Hernandez wrote:
> I saw the notes regarding namespaces, and it really surprised me that the
> namespace patch was not looked at in detail, discarded, and then the approach
> that was agreed on was _THE EXACT SAME ONE_ that my patch uses. To add insult
> to injury, it's
23 matches