Sort of thinking out loud and not really sure if this is possible, but if a wrapper is NOT present (specifically denied) in allow_url_fopen, but "user" is present, could a user defined wrapper emulate the missing one, thereby bypassing the restriction?
On 18/01/07, Sara Golemon <[EMAIL PROTECTED]> wrote:
> I assume this would also mean all userland stream wrappers become is_url=1? > > Anyway, +1. > This patch, by itself, doesn't affect the is_urlness of userspace wrappers. Whether or not we change their designation is up to a separate concensus (I'm in favor of it for the record). Funnily enough though, Pierre and I were just discussing the problem of userspace wrappers. Specifying all potential userspace wrapper names in a whitelist style allow_url_fopen setting isn't realistic, so we thought it might be a good idea to add a sort of "meta-wrapper" name to be used in the whitelist style. e.g. allow_url_fopen=file,http,ftp,user would allow those first three wrappers explicitly by name, plus any userdefined wrapper (regardless of specific name). For completeness, we might also add a metawrapper called "internal" for "All non-userspace based wrappers", though the specific usefulness of that is a little more iffy... -Sara -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
-- ----- Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 "Standing on the shoulders of some very clever giants!" -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
