My understanding is that this couldn't happen because a userspace
stream would be flagged is_url. So unless someone turns off, say
"ftp", and then adds "ftp" to the whitelist, there is no problem. And
if anyone does that, he/she should seriously consider looking for a
job where he/she can't mess things up that badly :P
On 22.01.2007 at 06:44, Richard Lynch wrote:
On Tue, January 16, 2007 7:07 pm, Sara Golemon wrote:
allow_url_fopen and allow_url_include continue to accept boolean flags
in order to behave just as they do now: true/on allows anything,
false/off allows only those wrappers without the is_url bit set.
+1, fwiw.
As far as the "user" being able to implement something otherwise
dis-allowed...
Well, yeah, they could.
I'm not sure who would really turn off an internal wrapper, then turn
on "user" then be upset that somebody coded a work-around for a
blocked internal wrapper... I mean, that just seems like an unlikely
real-world sequence of events, in any decent work-place...
I suppose if it's the case of malicious code getting executed, there'd
be a point, but really, once you have arbitrary malicious PHP code
getting executed on your box, it's kind of moot if they can then
download more PHP code to execute, isn't it?...
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php