Quote:
Originally posted by darkone
I prefer not allow it, as it would/could open new security holes.
|
Must say I don't understand that. I suggested to translate the config path setting to full path, then give it to PHP. PHP will never see a .., and I can't really see how it would be possible to 'exploit' a ioFTPD.ini setting..? Since access to that file really means the guy is already in complete control of the ftp...
IMHO, forcing one full path in the config when all other paths can be relative, is not a good thing. I just installed it over at a friend's house, to transfer files from my notebook to his pc instead of using g6 (which ate up cpu like hell, and transfered at max 3MBps when io did 8.5MBps), and i told him 'what's cool, is that you can just move the dir wherever you want it... it will still work'
I think that's a good thing for io...
Anyway, enough babbling... just wanted to know if there was something i didn't see...