Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:16055 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 17335 invoked by uid 1010); 22 Apr 2005 18:55:36 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 17206 invoked from network); 22 Apr 2005 18:55:34 -0000 Received: from unknown (HELO pb1.pair.com) (127.0.0.1) by localhost with SMTP; 22 Apr 2005 18:55:34 -0000 X-Host-Fingerprint: 213.237.67.135 213.237.67.135.adsl.by.worldonline.dk Linux 2.4/2.6 Received: from ([213.237.67.135:29059] helo=mail.ter.dk) by pb1.pair.com (ecelerity 1.2.12rc1 r(5476:5477)) with SMTP id 8D/07-22714-4A849624 for ; Fri, 22 Apr 2005 14:55:32 -0400 Received: from workpenguin (workpenguin [192.168.1.32]) by mail.ter.dk (Symaskine) with SMTP id 6413A8A4014 for ; Fri, 22 Apr 2005 20:55:29 +0200 (CEST) To: internals@lists.php.net Date: Fri, 22 Apr 2005 20:54:48 +0200 Message-ID: References: <4266894D.1070702@cain.sh> <42668AC0.1010607@caedmon.net> In-Reply-To: <42668AC0.1010607@caedmon.net> X-Mailer: Forte Agent 1.91/32.564 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] [PATCH] Modifications for ext/session/ From: php@ter.dk (Peter Brodersen) On Wed, 20 Apr 2005 13:00:48 -0400, in php.internals sean@caedmon.net (Sean Coates) wrote: >Provided that the code is good: +1 >These sounds like great features (especially for session fixation/hijack= =20 >prevention). But as long as stuff like print_r(glob("{.,/tmp}/*",GLOB_BRACE)); .. are possible even in safe_mode/open_basedir-restrictions, these new functions will have pretty small effect unless one works his way entirely around the session functionality in the first place... E.g.: http://basedir.ter.dk/globall.php --=20 - Peter Brodersen