[PHP] session.save_path and open_basedir
- Date: Sat, 20 Feb 2016 14:43:18 +0100
- From: Matthias Leopold <matthias@xxxxxxxxxxxxxxx>
- Subject: [PHP] session.save_path and open_basedir
i noticed that "session.save_path" doesn't have to be included in
"open_basedir". I tried this with PHP 5.6.18-1~dotdeb+7.1 on Debian
wheezy and a Apache 2.4 mod_proxy_fcgi/PHP-FPM setup. Isn't this
Fixed session.save_path and error_log values to be checked against
open_basedir and safe_mode (CVE-2007-3378) (Stas, Maksymilian Arciemowicz)
in http://php.net/ChangeLog-5.php#5.2.4 ?
Or has something changed since then? I've been away from configuring PHP
for some time...
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php