On Tue, January 16, 2007 7:07 pm, Sara Golemon wrote: > allow_url_fopen and allow_url_include continue to accept boolean flags > in order to behave just as they do now: true/on allows anything, > false/off allows only those wrappers without the is_url bit set.
+1, fwiw. As far as the "user" being able to implement something otherwise dis-allowed... Well, yeah, they could. I'm not sure who would really turn off an internal wrapper, then turn on "user" then be upset that somebody coded a work-around for a blocked internal wrapper... I mean, that just seems like an unlikely real-world sequence of events, in any decent work-place... I suppose if it's the case of malicious code getting executed, there'd be a point, but really, once you have arbitrary malicious PHP code getting executed on your box, it's kind of moot if they can then download more PHP code to execute, isn't it?... -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
