markstory
commented
9 years ago I think excluding DIRECTORY_SEPARATOR is simple enough. Do you often have other constants that your applications can't access because of open basedir?
Closed ajfranzoia closed 9 years ago
markstory
commented
9 years ago I think excluding DIRECTORY_SEPARATOR is simple enough. Do you often have other constants that your applications can't access because of open basedir?
ajfranzoia
commented
9 years ago Yeah, that looks enough, since non-path constants will be filtered out in the strpos($value, DIRECTORY_SEPARATOR) check.
I'm having an issue with
_addConstants()when having open_basedir restrictions in effect. When user constants are passed to this method, it will raise a warning when treatingDSconstant as a path if the root path is not contained in open_basedir config (https://github.com/markstory/mini-asset/blob/master/src/AssetConfig.php#L121). Maybe having some kind of constants whitelist/blacklist to check against the value before validating if path exists?