08-10-2012, 06:07 PM
Even when I have set the "safe_mode = On" in my server's php.ini file, how come my user is still able to change the settings in their php page using ini_set() function?
Is there anyway to stop them from changing values using ini_set()?
08-10-2012, 10:14 PM
Safe mode has never had an affect on ini_set. Safe mode is disappearing soon as well.
I don't know why you want to disable it, but you may specify ini_set under the disabled_functions ini directive.
BTW, I've never added ini_set to a disabled function before. ini_set isn't a construct, so it should work under the disabled functions directive (unlike calls like eval).
08-11-2012, 07:10 AM
thanks for the reply,
Another question is that, in the phpinfo() screen i see two values "Local" and "Master" what do they mean?
08-11-2012, 07:26 AM
Master is your ini values from php.ini, and local is defined by apache or script level.
08-11-2012, 07:34 AM
so if we change a value for example "session.use_trans_sid" to 1 in our script, will it reflect in the phpinfo() screen?
08-11-2012, 04:22 PM
It will if it was done either from a point of .htaccess, or within the same script that calls phpinfo(). ini_set is a temporary change of a configuration state, if its done inline with a script its discarded at the end of the script run.
08-11-2012, 05:34 PM
Thanks for the reply Fou-Lu