Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:22578 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 79691 invoked by uid 1010); 25 Mar 2006 16:51:47 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 79676 invoked from network); 25 Mar 2006 16:51:47 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Mar 2006 16:51:47 -0000 X-Host-Fingerprint: 70.85.46.36 unknown Received: from ([70.85.46.36:44316] helo=prohost.org) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id AB/B9-11806-32575244 for ; Sat, 25 Mar 2006 11:51:47 -0500 Received: (qmail 4002 invoked from network); 25 Mar 2006 16:51:44 -0000 Received: from prohost.org (HELO ?127.0.0.1?) (70.85.46.36) by prohost.org with SMTP; 25 Mar 2006 16:51:44 -0000 Message-ID: <44257520.6070304@prohost.org> Date: Sat, 25 Mar 2006 11:51:44 -0500 User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: Sara Golemon CC: internals@lists.php.net References: <000a01c64fbc$cef29c50$88051fac@OHRLVN4523SG> In-Reply-To: <000a01c64fbc$cef29c50$88051fac@OHRLVN4523SG> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] open_basedir_for_include From: ilia@prohost.org (Ilia Alshanetsky) Why not just add the dirs you intend to include from to open_basedir directly? It does not prevent arbitrary files from being loaded anyway from those dirs. A simple ob_start() include "file"; ob_get_clean() will happily give you the data. And if you wanted to see the source code, highlight_file() could be used. Ilia Sara Golemon wrote: > The PDM recommendation covering the removal of safe_mode included a note > on expanding the role of open_basedir. To that end, I'd like to propose > introducing a new ini option: open_basedir_for_include which would allow > using include/require(_once) on an expanded set of directories than what > open_basedir would otherwise allow. > > Since php_fopen_wrapper_for_zend() specifies STREAM_OPEN_FOR_INCLUDE, we > can catch this option in the plain_files wrapper and expand the > open_basedir check to allow specifying the alternate INI option (when > set of course). Obviously if this new option were left unset and the > regular open_basedir were set, we'd still use that for full BC. > > If noone objects I'll add this functionality in between unicode related > patches in a week or so. > > -Sara