I see that you added a boolean arg to stream_wrapper_register(). Why
couldn't it be an integer mask of OR-ed predefined constants, providing
some space for more stream options. A local stream would be created with :
stream_wrapper_register($protocol,$class,STREAM_IS_LOCAL);
Well, it could be
> From: Stanislav Malyshev [mailto:[EMAIL PROTECTED]
>
> According to the plan below, attached is the patch that
> restricts user
> streams from executing dangerous operations inside include context.
> Please comment.
I see that you added a boolean arg to stream_wrapper_register(). Why
could
why then not have ini as follows:
allow_url_(fopen|include)_(local|user|remote)
That is 6 for the six cases - or is that too easy?
Because there's no need for 6 settings. Also, what
allow_url_include_local is supposed to mean? Why would one prohibit
local file access and local includes?
Th
Hello Stanislav,
why then not have ini as follows:
allow_url_(fopen|include)_(local|user|remote)
That is 6 for the six cases - or is that too easy?
We could also have the _remote case be an alias to keep the old style
and have full consistency.
best regards
marcus
Wednesday, May 30, 2007, 2:16
According to the plan below, attached is the patch that restricts user
streams from executing dangerous operations inside include context.
Please comment.
Forgot to mention - the patch is against HEAD and does not include
changing names of INI/structure fields, though it might be a good idea t
According to the plan below, attached is the patch that restricts user
streams from executing dangerous operations inside include context.
Please comment.
I think the problem could be solved this way:
0. allow_url_include and allow_url_fopen renamed to
allow_remote_include and allow_remote_fop
