Stanislav Malyshev wrote:
> Hi!
> 
>> Alternatively include() could be extended to allow resources, so the
>> above would turn into
>>
>> if ($fp = @fopen($file, 'r', true)) {
>>     include($fp);
>>     fclose($fp);
>> }
> 
> This would break security distinction between file ops and include ops,
> when URLs are allowed for open but not include.
> 
Not really - the wrapper used to open the file pointer is stored in the
resource, so we can just check it against the same restrictions we would
for static urls.  I think this idea deserves another look.

Greg

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
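
The check described in the reply above, approximated in userland PHP as an added example (not code from this thread or from php-src): the wrapper recorded on an open stream handle is read back and tested against `allow_url_include`. The helper names `wrapper_of()` and `include_allowed_for()` and the sample inputs are constructed for illustration; the engine-level check for the proposed `include($fp)` is not shown on the page.

```php
<?php
// Added example: userland approximation of checking a stream handle's
// wrapper against the include restrictions. Function names are hypothetical.

/** Name of the wrapper recorded on an open stream, e.g. "plainfile". */
function wrapper_of($fp): string
{
    return stream_get_meta_data($fp)['wrapper_type'] ?? 'unknown';
}

/** Would an include of this handle pass the allow_url_include policy? */
function include_allowed_for($fp): bool
{
    if (!is_resource($fp) || get_resource_type($fp) !== 'stream') {
        return false;                       // not an open stream handle
    }
    if (stream_is_local($fp)) {
        return true;                        // wrapper is not flagged as a URL wrapper
    }
    // URL wrapper: apply the same ini gate a static URL include would hit.
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed sample inputs: a local temp file and a data: URI (works offline).
$local = tempnam(sys_get_temp_dir(), 'inc');
file_put_contents($local, "<?php echo 'local';\n");
$sources = [
    'local file' => $local,
    'data: URI'  => 'data://text/plain;base64,' . base64_encode("<?php echo 'remote';"),
];

foreach ($sources as $label => $uri) {
    $fp = @fopen($uri, 'r');                // URL wrappers are gated by allow_url_fopen
    if ($fp === false) {
        echo "$label: fopen refused\n";
        continue;
    }
    printf("%-10s wrapper=%-9s include %s\n", $label, wrapper_of($fp),
        include_allowed_for($fp) ? 'allowed' : 'denied');
    fclose($fp);
}
unlink($local);
```

With `allow_url_fopen` on and `allow_url_include` off, both handles open, but only the local one passes the include check, which is the distinction the quoted objection is concerned with.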
