Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:11550 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 44295 invoked by uid 1010); 25 Jul 2004 15:12:29 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 44173 invoked from network); 25 Jul 2004 15:12:28 -0000 Received: from unknown (HELO miranda.org) (209.58.150.153) by pb1.pair.com with SMTP; 25 Jul 2004 15:12:28 -0000 Received: (qmail 24117 invoked by uid 546); 25 Jul 2004 15:12:26 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 25 Jul 2004 15:12:26 -0000 Date: Sun, 25 Jul 2004 11:12:26 -0400 (EDT) X-X-Sender: adam@miranda.org To: Peter Brodersen cc: internals@lists.php.net In-Reply-To: <20040725155303.2C25.PHP@ter.dk> Message-ID: References: <20040725155303.2C25.PHP@ter.dk> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: [PHP-DEV] Bugreports - is it worth it? (or: glob() disclosing file names with open_basedir and safe_mode-restriction) From: adam@trachtenberg.com (Adam Maccabee Trachtenberg) On Sun, 25 Jul 2004, Peter Brodersen wrote: > If nobody wants to give an answer to the above, my question would still be: > Is there any way restricting people from retrieving file names (where > open_basedir and safe_mode obviously won't help), besides adding glob to > disable_functions in php.ini? Why don't you set display_errors to Off? Or am I missing something? -adam -- adam@trachtenberg.com author of o'reilly's "upgrading to php 5" and "php cookbook" avoid the holiday rush, buy your copies today!