On Thu, 9 Feb 2006 14:48:17 +0100, Thomas -Balu- Walter list+roundcube-dev@b-a-l-u.de wrote:
On Thu, Feb 09, 2006 at 10:26:53AM -0300, Lic. Martin Marques wrote:
On Thu, 9 Feb 2006, Thomas -Balu- Walter wrote:
If you tell people to switch that off, they might get problems with other scripts.
They can always have diferent settings for diferent directory
definitions
in the web server.
As I said before, magic_quotes is a very bad thing, and security must come from the programmer, not an automatic quoter.
I absolutely agree with you here. But the programmer should also make his software user/admin friendly and I don't think the 5 lines workaround needed to fix this problem are too much hassle for the coder...
You will have more problems telling website-"admins" (which usually don't know a bit of webserver administration) to change a PHP setting - just for this subdirectory - been there, done that ;).
In drupal the distributed .htaccess has the following:
# Override PHP settings. More exist in sites/default/settings.php, but # the following cannot be changed at runtime.
<IfModule sapi_apache2.c> php_value magic_quotes_gpc 0 php_value register_globals 0 php_value session.auto_start 0 </IfModule>
Wound something like that work here? I'd rather have RC decide how RC is going to work than have people go out and tweak their php.ini.
P
http://fak3r.com - you don\'t have to kick it