The workaround probably works, but is not secure at all.
If you use a standard phpBB config the workaround file will look like
<?
$dbms = 'mysql';
$dbhost = 'localhost';
$table_prefix = 'phpbb_';
if ($_SERVER["HTTP_HOST"] == "ww.dom.ain") {
$dbname = 'x';
$dbuser = 'y';
$dbpasswd = 'z';
} else if ($_SERVER["HTTP_HOST"] == "www.aal.lu") {
...
}
define('PHPBB_INSTALLED', true);
?>
This is probably owned by root and put somewhere in the include_path.
Now if you would like to use safe mode, which is highly recommended on
shared systems, you will have to put this file into
safe_mode_include_dir (everyone will be able to read this file as
permissions will no longer be checked) or disable safe mode for the webs
that would like to use phpBB (and chown this script to www-data, more
secure), but disabling safe mode for an untrusted web is not really an
option.
Obviously another fix will need to be found here. I don't know why noone
takes this buggy PHP stuff seriously. There is at least one upstream bug
http://bugs.php.net/25753 with similar problems, and I have seen many
more complaints around the web. I also would not call it unreproducible
as many people do, you just have to seriously try it out once. Just take
the phpBB example. Suffice to say, I am a little bit frustrated that a
little advanced usage of PHP ends in such a mess.
So, can you please reassign this to whoever is responsible for
libapache(2)-mod-php4 or alike. Probably though I don't think anyone
will fix this for stable anymore...
Regards,
Marc
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
