I noticed that "session.save_path" doesn't have to be included in
"open_basedir". I tried this with PHP 5.6.18-1~dotdeb+7.1 on Debian
wheezy and an Apache 2.4 mod_proxy_fcgi/PHP-FPM setup. Isn't this
contrary to
Fixed session.save_path and error_log values to be checked against
open_basedir and safe_mode (CVE-2007-3378) (Stas, Maksymilian Arciemowicz)
in http://php.net/ChangeLog-5.php#5.2.4 ?
Or has something changed since then? I've been away from configuring PHP
for some time...