unread
Hi,
Currently, some directives such as "expose_php" or "allow_url_fopen" can only be changed on the PHP_INI_SYSTEM level, which in some cases apparently even means through php.ini only.
Wouldn't it make sense to allow "tightening" of these values in, say, a PERDIR contexts? So "expose_php" can be disabled in an FPM config, but not enabled?
This would, I think, be useful for several directives that could then be set to a "safer" setting on a per-dir basis, such as:
- expose_php
- allow_url_fopen
- allow_url_includes (if set to "1" in system)
- disable_functions/classes (only additions to the list allowed)
Thoughts?
David