Realpath is not only slow, it is also "dangerous" on some systems like linux where it also works on paths that are not really existing.
example: include "./foo/bar/index.php/../../../../../../etc/passwd";
This is a completely legal unix path as .. in / is / again. And from a security point of view I'd say the only thing you gain by disallowing this is that the number of .. in the path have to be guessed (pretty easily) by the attacker.
Or am I missing something here?
Not that I can see the benefit of a home-grown realpath() :-)
- Chris
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
