Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:83657 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 68708 invoked from network); 24 Feb 2015 11:59:28 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Feb 2015 11:59:28 -0000 Authentication-Results: pb1.pair.com header.from=dz@heroku.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=dz@heroku.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain heroku.com designates 209.85.212.173 as permitted sender) X-PHP-List-Original-Sender: dz@heroku.com X-Host-Fingerprint: 209.85.212.173 mail-wi0-f173.google.com Received: from [209.85.212.173] ([209.85.212.173:60669] helo=mail-wi0-f173.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 28/75-37184-F976CE45 for ; Tue, 24 Feb 2015 06:59:28 -0500 Received: by mail-wi0-f173.google.com with SMTP id bs8so24892237wib.0 for ; Tue, 24 Feb 2015 03:59:25 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-type:content-transfer-encoding :subject:message-id:date:to:mime-version; bh=stcM0/y5eTlwY5SdBogtJkbyjNdiKxUr4O0WuVodEqs=; b=CwIONCP4D1f/8z/nSKKNeQFC0quKKyZi5tjJeUDquYBW9ZRVcCVZ1rxntXWXuDkLAE XRpnVU64Rj1t0J7QFtA4XjBlJMutjPeBvW9jHHgli45ndBWHCaGWvqGkALPPuVd8UyqZ yIbKX6cu/yGw7kTUMpJlbKfSaQmrkDnUW2kDT0y+FMFmrS5CTTKMRZtPnskOgQEx0JuJ Kxjl5VW3igwXVKwK7zNG2SkZSQ7ty0QYBszueiXr5Skx2db12OOAjTXeeJ3L5oiR6wAb 7yD2x0krcD++stMZP9wHBKhz9eUAJ32L2ISHCj5Nhe/BGlYLj6RcLhQj1pbw5PUuCrxv Manw== X-Gm-Message-State: ALoCoQnITE1twoJcJiUHtcZk0lyej17oiJWwnOVb34gi6gzmpTIrbyWiB//nAKOwLqq8jtG8RGA9 X-Received: by 10.194.193.9 with SMTP id hk9mr32516574wjc.42.1424779165200; Tue, 24 Feb 2015 03:59:25 -0800 (PST) Received: from [192.168.19.15] (ipbcc0d8c7.dynamic.kabel-deutschland.de. [188.192.216.199]) by mx.google.com with ESMTPSA id g10sm20219416wic.7.2015.02.24.03.59.23 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 24 Feb 2015 03:59:24 -0800 (PST) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-ID: Date: Tue, 24 Feb 2015 12:59:22 +0100 To: PHP Internals Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\)) X-Mailer: Apple Mail (2.2070.6) Subject: Allow "tightening" of PHP_INI_SYSTEM directives in PHP_INI_PERDIR+ contexts? From: dz@heroku.com (David Zuelke) Hi, Currently, some directives such as "expose_php" or "allow_url_fopen" can = only be changed on the PHP_INI_SYSTEM level, which in some cases = apparently even means through php.ini only. Wouldn't it make sense to allow "tightening" of these values in, say, a = PERDIR contexts? So "expose_php" can be disabled in an FPM config, but = not enabled? This would, I think, be useful for several directives that could then be = set to a "safer" setting on a per-dir basis, such as: - expose_php - allow_url_fopen - allow_url_includes (if set to "1" in system) - disable_functions/classes (only additions to the list allowed) Thoughts? David