On Fri, 29 Oct 2004, Curt Zirzow wrote:
> * Thus wrote Antony Dovgal:
> > On Fri, 29 Oct 2004 01:04:23 -0700
> > Sterling Hughes <[EMAIL PROTECTED]> wrote:
> >
> > > no.... curl does not need to respect php's safemode, adding such
> > > checks at this level is wrong. people who compile curl, can do so
> > > without local file access, and this will solve their problem.
> >
> > agree, curl doesn't need to respect safemode, but PHP does.
> > we're talking about PHP's extension, right ?
>
> One thing I noticed in some testing was the host part in the
> file:// url has no meaning so:
>
> curl_init('file://whateveryouwant/etc/group');
>
> Works fine.
That's exactly what my point in an earlier mail meant:
"It's almost certain that one can never put all the necessary checks in
the extension anyway."
Derick
--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
