That isn't what I meant. What I mean is, if an included file doesn't have execute permissions, can (or will) php still execute it?scottayy wrote:Absolutely.astions wrote:Are included files "evaled" or "executed" by the PHP engine?
Bulletproof __autoloader
Moderator: General Moderators
I decided to test it. I chmod'ed an important include as 0444 (read only), and it didn't cause any problems.Jenk wrote:I *think* it depends on webserver installation, and type of installation. If your are using CGI-BIN install then it will need execute permission, but if it's module then you might be ok without it.
Not sure if that is a good thing security wise or not, but never the less it worked fine. Don't know about CGI-BIN install though..
It's still the php executable that is ...executedhttp://www.php.net/manual/en/install.windows.apache2.php wrote:Installing as a CGI binary
[...]
Action application/x-httpd-php "/php/php.exe"
The script is only read by the php parser.
It's the permissions of the files requested that dictate the action, not the permissions of the php.exe.http://www.php.net/manual/en/security.cgi-bin.default.php wrote:Case 1: only public files served
If your server does not have any content that is not restricted by password or ip based access control, there is no need for these configuration options. If your web server does not allow you to do redirects, or the server does not have a way to communicate to the PHP binary that the request is a safely redirected request, you can specify the option --enable-force-cgi-redirect to the configure script. You still have to make sure your PHP scripts do not rely on one or another way of calling the script, neither by directly http://my.host/cgi-bin/php/dir/script.php nor by redirection http://my.host/dir/script.php.
Redirection can be configured in Apache by using AddHandler and Action directives (see below).
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
I think we need to differentiate between executable by the OS and executable by PHP. PHP scripts are not executable by the OS and the term executable is not normally used for them. I believe "run" is usually used for PHP scripts. The PHP program itself must be executable by the OS to be execute. The execute permissions need to be set for the current user for PHP to be able to be executed.
PHP scripts only need to be readable by PHP to be run.
PHP scripts only need to be readable by PHP to be run.
(#10850)
You can have scripts with #!/bin/php as first line and invoke them "directly" from the shell. Then the execute flag is needed (at least with bash it is).arborint wrote:I think we need to differentiate between executable by the OS and executable by PHP. PHP scripts are not executable by the OS and the term executable is not normally used for them.
But that's ot, since __autoload implies that php is already running and therefore only read permissions are needed for additional script files.