you're not safe with php_opendir
unless you use mod_userdir too... I didn't test it too much, but it's logical and I have some evidence, so here it goes:
let's suppose you have two users, with the following domains and homedirs:
user1 - user1.com - /home/user1/
user2 - user2.com - /home/user2/
then theoretically when you set php_opendir you restrict user1 to /home/user1/ and user2 to /home/user2/
ok...
now I'm user1, and want to access a file owned by user2...
if I make a php that tries to access it, php_opendir will say "naah! it's not on your restricted area"
but if I try to open it as:
http://www.user2.com/~user1/myphp.php
guess what?
now you're restricted to user2 homedir
comments?
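
A configuration sketch of the situation described in the post and one way to close it, added here as an example and not part of the original post. It assumes the post's "php_opendir" means PHP's `open_basedir` set per virtual host with `php_admin_value` under mod_php; the `public_html` directories, the port and the DocumentRoot paths are assumed values.

```apache
# --- Weak: the restriction is attached to the virtual host ---------------
# open_basedir is chosen by which vhost served the request, not by who
# owns the script. With mod_userdir active, /~user1/myphp.php on this
# vhost runs user1's script under user2's open_basedir.
<VirtualHost *:80>
    ServerName www.user2.com
    DocumentRoot /home/user2/public_html        # assumed layout
    UserDir public_html                         # /~user1/ -> /home/user1/public_html/
    php_admin_value open_basedir /home/user2/
</VirtualHost>

# --- Hardened: the restriction is attached to the script's location ------
# 1. Stop ~user URLs from crossing between customer vhosts.
<VirtualHost *:80>
    ServerName www.user1.com
    DocumentRoot /home/user1/public_html        # assumed layout
    UserDir disabled
</VirtualHost>

<VirtualHost *:80>
    ServerName www.user2.com
    DocumentRoot /home/user2/public_html        # assumed layout
    UserDir disabled
</VirtualHost>

# 2. Bind open_basedir to the directory the script lives in, so the same
#    limit applies whichever hostname or URL mapping reached the file.
<Directory /home/user1/>
    php_admin_value open_basedir /home/user1/
</Directory>

<Directory /home/user2/>
    php_admin_value open_basedir /home/user2/
</Directory>
```

To check the result, request a small script under each account through every hostname the server answers for and compare the value returned by `ini_get('open_basedir')` with the owning user's home directory.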