----- Original Message ----- From: "Derick Rethans" <[EMAIL PROTECTED]> To: "Adam Maccabee Trachtenberg" <[EMAIL PROTECTED]> Cc: "Klaus Reimer" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, October 29, 2004 12:55 PM Subject: Re: [PHP-DEV] curl_init() is bypassing safe_mode & open_basedir restrictions
> On Fri, 29 Oct 2004, Adam Maccabee Trachtenberg wrote: > > > On Fri, 29 Oct 2004, Klaus Reimer wrote: > > > > > Sterling Hughes wrote: > > > > no.... curl does not need to respect php's safemode, adding such > > > > checks at this level is wrong. people who compile curl, can do so > > > > without local file access, and this will solve their problem. > > > > > > What about people who use precompiled packages like the Debian packages? > > > They don't have a "special" Curl for PHP. The curl debian package will > > > never "disable" file-support just because it breaks a feature of PHP. So > > > Debian users can't use safemode then if they need the curl extension and > > > if they don't want (or don't know how) to compile the stuff. > > > > Safe mode is for people who are running shared servers and want to > > wall off areas. If you're doing this, you should be willing and able > > to configure programs if necessary. I don't mind making ISP sys admins > > configure cURL with a special flag, nor do I think it's too onerous a burden. > > > Exactly! and what happens in the (admittedly unlikely) case where something else on the same box depends on that feature being available in libcurl? i don't see what is wrong in restricting the functionality exposed by the php curl extension based on safe_mode in practice (as opposed to ideally) provided the patch is clean, straightforward and without breakage side effects. paul -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
