Dangerous PHP/Ensim Bug!

Safe Mode appears to be on, it says its on for local and master via the phpinfo() script but I can virtual include /etc/passwd and it will show the contents of the file. However, "some" function appear to be blocked by safe mode. This is very dangerous because users can see other files that they do not own.

Safe mode is on in php.ini and also in httpd.conf file. This problem exists on all sites of my server. I have the very latest ensim patch and version.

Has anyone found a fix for this?

PHP 4.3.1
Ensim 3.1.5-1

 

 

 

 

Top