ID: 21310
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Feedback
Bug Type: *Directory/Filesystem functions
Operating System: Solaris 8
PHP Version: 4.3.0
New Comment:
What are the exact locations of both the script trying to include() and
the file being included?
Previous Comments:
------------------------------------------------------------------------
[2003-01-15 05:00:08] [EMAIL PROTECTED]
phpinfo(): .:/usr/local/lib/php
php.ini: include_path = ".:/usr/local/lib/php"
------------------------------------------------------------------------
[2003-01-15 03:18:37] [EMAIL PROTECTED]
What does phpinfo() output for include_path?
What is include_path set to in your php.ini file?
------------------------------------------------------------------------
[2003-01-10 08:18:46] [EMAIL PROTECTED]
I also think it is a bugg.
On ours servers all directories have only eXecute access to other.
Give read access to other on all level is realy a problem.
Cordialy.
------------------------------------------------------------------------
[2003-01-06 12:02:18] [EMAIL PROTECTED]
yes, same thing for me.
if HTTP server has permission to read all directories in path to the
file, all users can read directories of other user and it's really not
secure ...
------------------------------------------------------------------------
[2003-01-05 16:59:45] [EMAIL PROTECTED]
In my humble opinion it is a bug, because:
1. Previous version of PHP (4.0) could read file without full path,
even if PHP couldnt read "." or higher directory.
2. PHP reads several directories (why?) when includes each file without
full path.
2. There is no technical reason to give PHP access to read all
directories from "/" to directories with PHP scripts.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/21310
--
Edit this bug report at http://bugs.php.net/?id=21310&edit=1
