Page 1 of 1
$_SERVER[DOCUMENT_ROOT]
Posted: Sat Jul 21, 2007 1:47 pm
by nwp
I need to know a very simple thing and a 100% correct answer.
does $_SERVER[DOCUMENT_ROOT] work in safe mode ??
if yes is there any circumstances when $_SERVER[DOCUMENT_ROOT] doesnt work ??
please help me.
--------------------------------
I am talking about PHP 4 and above
Posted: Sat Jul 21, 2007 1:51 pm
by feyd
Hmm.. try it. That's your 100% correct answer to an 80% question.
Posted: Sat Jul 21, 2007 1:57 pm
by nwp
Please dont joke.
How can I try
My hosting company dont have safe mode enabled
I dont have it enabled in my own PC
and also the actuall all server configurs themselvs differently
and I need to know is that syntax compatiable with all those Configurations ??
Posted: Sat Jul 21, 2007 2:22 pm
by superdezign
nwp wrote:I dont have it enabled in my own PC
Then enable it. Look in php.ini.
Re: $_SERVER[DOCUMENT_ROOT]
Posted: Sat Jul 21, 2007 3:14 pm
by The Phoenix
nwp wrote:I need to know a very simple thing and a 100% correct answer.
does $_SERVER[DOCUMENT_ROOT] work in safe mode ??
No
but there are workarounds.
nwp wrote:if yes is there any circumstances when $_SERVER[DOCUMENT_ROOT] doesnt work ??
please help me.
Yes, it also does not generally work on OpenBSD, or when using non-apache webservers (not all web servers pass that information to php).
Posted: Sat Jul 21, 2007 5:00 pm
by Ollie Saunders
Don't use safe mode. I've been deprecated since PHP 5.1 (i think) and will be removed in PHP 6. If you are trying to secure your PHP config then I recommend something like this:
Code: Select all
register_globals=off
allow_url_fopen=off
enable_dl=off
expose_php=off
disable_functions=sql_regcase,escapeshellarg,escapeshellcmd,exec,passthru,proc_cl,se,proc_get_status,proc_nice,proc_open,proc_close,proc_terminate,shell_exec,system,openlog,syslog,virtual
open_basedir = /var/www/ ; be even more specific if you like in each virutalhost
error_reporting = E_ALL
log_errors = On
; consider making this virutalhost specific
error_log = /var/www/logs/php/php_error_log
display_errors = Off
display_startup_errors = Off
memory_limit = 8M ; this is pretty strict, increase for gd work
post_max_size = 8M
max_input_time = 60
max_execution_time = 30 ; reduce on fast servers (mine is 10)
file_uploads = Off
upload_max_filesize = 2M
upload_tmp_dir = /var/www/tmp
; set this to same as ServerName in each name-based vitualhost
session.referer_check = localhost
Selective overridding for strengthening / relaxing these in VirtualHost is pretty esseniual as well and can be done with code like this:
Code: Select all
php_flag file_uploads on
php_admin_value open_basedir "/monkey"
php_value post_max_size "4M"
There's also
suhosin
Posted: Sat Jul 21, 2007 11:03 pm
by nwp
Ok thanks
Posted: Sun Jul 22, 2007 8:46 am
by The Phoenix
ole wrote:I've been deprecated since PHP 5.1 (i think) and will be removed in PHP 6.
Don't worry, ole, we still love you.

Posted: Sun Jul 22, 2007 11:54 am
by John Cartwright
The Phoenix wrote:ole wrote:I've been deprecated since PHP 5.1 (i think) and will be removed in PHP 6.
Don't worry, ole, we still love you.


Posted: Sun Jul 22, 2007 12:53 pm
by Ollie Saunders
lol I'm always doing that.
Posted: Sun Jul 22, 2007 6:32 pm
by timvw
If you look at all the warnings... You'll find out that using $_SERVER[xxxx], thus without quotes around xxxx, is not a good approach to access array elements....
Posted: Sun Jul 22, 2007 9:06 pm
by superdezign
ole wrote:lol I'm always doing that.
Sounds like an issue of ego.

Posted: Mon Jul 23, 2007 2:57 am
by Ollie Saunders
hehe....nah it's an issue of dyslexia.
Posted: Mon Jul 23, 2007 6:32 am
by superdezign
ole wrote:hehe....nah it's an issue of dyslexia.
.elo rooP