Web lists-archives.com

[PHP] session.save_path and open_basedir




Hi,

i noticed that "session.save_path" doesn't have to be included in "open_basedir". I tried this with PHP 5.6.18-1~dotdeb+7.1 on Debian wheezy and a Apache 2.4 mod_proxy_fcgi/PHP-FPM setup. Isn't this contrary to

Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Stas, Maksymilian Arciemowicz)

in http://php.net/ChangeLog-5.php#5.2.4 ?

Or has something changed since then? I've been away from configuring PHP for some time...

thanks
matthias

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php