Brian,
I totally get what you are saying.
I just may have not translated my thoughts to you very well and I am very
sorry for that.
I tested the design on a few of my servers.
I had issues on my windows Servers and did not have issues on my RHEL
servers
There is an actual term for this practice it is called "Linkal Gymnastics"
I have read many articles on this issue, in trying to explain the path
issues using "../" .
Many complain of performance issues in windows as well as Linux.
I want to propose something and you tell me if it makes sense.
Load the path to the file, not from the current location.
It is just bad practice, and if you ever change the location of the file you
have major problems.
You're not guessing at the location backwards and running into performance
issues.
Instead of loading the file in reverse
require_once("../../../../ini.inc.php"); <-- this path could be wrong.
try
require_once("C:/intepub/vhost/yourdoamin.com/httpdocs/www/ini.inc.php");<--
unless you move it the direct path is always right.
You can create constants as I said before making your life easier.
define('BASE_PATH','C:\\inetpub\\vhosts\\yourdoamin.com\\httpdocs\\');
simply calling
require_once(BASE_PATH."www/ini.inc.php");
I cannot tell you why there are performance issue, but there are and it
seems to be more directory path issues than php.
They did write a paper on this issue at Texas U under "Computer Science
Recursive Backtracking"
I hope this helps
Richard L. Buskirk
-----Original Message-----
From: Brian Smither [mailto:bhsmither@xxxxxxxxx]
Sent: Thursday, June 30, 2011 2:30 PM
To: php-general@xxxxxxxxxxxxx
Subject: Re: Parent Limits?
With all kind respect to Richard Buskirk and Daniel Brown (thank you for
responding), their replies did not actually answer my question.
My question is: What module or php.ini setting would render inoperative a
directory traversal of X parents?
My original post follows.
The following works (three parents):
include("../../../includes/ini.inc.php");
require_once("../../../includes/ini.inc.php");
The following works (four parents):
include("../../../../includes/ini.inc.php");
The following does not work (four parents):
require_once("../../../../includes/ini.inc.php");
That is, require_once() with four parents has been reported to have been
disabled for security purposes. But apparently, not disabled is include()
with four parents.
The device or setting which is causing the problem is not known to me. It
may be just the four parents (and include() is getting the data from this
file elsewhere) or it may be the combination.
It has been reported this is not a limit within open_basedir. So, what is
it? What module or php.ini setting would have this effect?
Thank you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
