Hi!

> I'm not against it but, just being curious, what are those security
> reasons ?

If you ever accepted serialized data from outside (say, after putting it
in a cookie or just having an API that accepts serialization) and then
forwarded the same data array using cURL, the attacker could create a
serialized representation of CURLFile that would make cURL send out a
file on your filesystem, which would be a security breach. Basically the
same security problem as with @, only with serialization involved. It is
not a frequent case, but possible.

-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
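
Added example, not part of the original message or of PHP's own code: one way a forwarder can guard against the case described above, by decoding untrusted serialized data without instantiating classes and letting only scalar fields reach cURL. It assumes PHP 7.0+ (for the `allowed_classes` option); the function names, field names and sample payloads are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Decode an untrusted serialized payload without instantiating any class.
 * With allowed_classes => false, every object in the payload becomes
 * __PHP_Incomplete_Class instead of a live object such as CURLFile.
 */
function decode_untrusted_fields(string $payload): array
{
    $data = @unserialize($payload, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('payload is not a serialized array');
    }
    return $data;
}

/**
 * Allow only scalar values through, then flatten to a urlencoded string,
 * so no element of the forwarded data is handed to cURL as an object.
 */
function build_post_body(array $fields): string
{
    foreach ($fields as $key => $value) {
        if (!is_string($value) && !is_int($value) && !is_float($value) && !is_bool($value)) {
            throw new InvalidArgumentException("field '$key' is not a scalar value");
        }
    }
    return http_build_query($fields);
}

// Constructed sample inputs (hypothetical field names).
$samples = [
    'plain'  => 'a:2:{s:4:"name";s:5:"alice";s:4:"note";s:2:"hi";}',
    'object' => 'a:2:{s:4:"name";s:5:"alice";s:3:"doc";O:8:"stdClass":0:{}}',
];

foreach ($samples as $label => $payload) {
    try {
        $body = build_post_body(decode_untrusted_fields($payload));
        // A real forwarder would now call:
        // curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
        echo "$label: forward as $body\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```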
