Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:22572 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 28818 invoked by uid 1010); 25 Mar 2006 03:33:03 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 28803 invoked from network); 25 Mar 2006 03:33:03 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Mar 2006 03:33:03 -0000 X-Host-Fingerprint: 69.12.155.130 69-12-155-130.dsl.static.sonic.net Linux 2.4/2.6 Received: from ([69.12.155.130:2697] helo=pigeon.alphaweb.net) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id 73/70-11806-FE9B4244 for ; Fri, 24 Mar 2006 22:33:03 -0500 Received: from localhost ([127.0.0.1] helo=OHRLVN4523SG) by pigeon.alphaweb.net with smtp (Exim 4.10) id 1FMywG-0005zT-00 for internals@lists.php.net; Fri, 24 Mar 2006 18:55:40 -0800 Message-ID: <000a01c64fbc$cef29c50$88051fac@OHRLVN4523SG> To: Date: Fri, 24 Mar 2006 19:32:56 -0800 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2670 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 Subject: open_basedir_for_include From: pollita@php.net ("Sara Golemon") The PDM recommendation covering the removal of safe_mode included a note on expanding the role of open_basedir. To that end, I'd like to propose introducing a new ini option: open_basedir_for_include which would allow using include/require(_once) on an expanded set of directories than what open_basedir would otherwise allow. Since php_fopen_wrapper_for_zend() specifies STREAM_OPEN_FOR_INCLUDE, we can catch this option in the plain_files wrapper and expand the open_basedir check to allow specifying the alternate INI option (when set of course). Obviously if this new option were left unset and the regular open_basedir were set, we'd still use that for full BC. If noone objects I'll add this functionality in between unicode related patches in a week or so. -Sara