[wp-testers] Re: 2.0.1 Testing: XMLRPC, Cache, Uploads
Christian Mohn
h0bbel at p0ggel.org
Wed Jan 18 22:33:55 GMT 2006
> I wish safe_mode were more functional. In some environments,
> PHP runs with the UID of the script owner, but directories
> are created with the UID of the web server. When we try to
> put files in these directories, safe_mode triggers and
> disallows creation of the files. Further, is_writable()
> doesn't take safe_mode into account so it says the directory
> is writable even though it isn't.
> Annoying.
FYI:
>From http://www.php.net/~derick/meeting-notes.html#safe-mode regarding PHP6
and safe_mode.
"2.3 safe_mode
Issue: safe_mode is a feature in PHP that checks whether files to be opened
or included have the same GID/UID as the starting script. This can cause
many problems, for example if an application generates a cache file, it will
do this with the user ID that belongs to the web server (usually "nobody").
As an application is usually uploaded by the user belonging to the web
account (say "client") the scripts can no longer open the files that the
application. The same problems happen when for example an application
generates an image.
Conclusions:
1. We remove the safe_mode feature from PHP.
2. We throw an E_CORE_ERROR when starting PHP and when we detect the
safe_mode setting."
More information about the wp-testers
mailing list