Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:13594
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Date: Fri, 29 Oct 2004 11:24:00 -0400 (EDT)
To: Klaus Reimer <k-php-dev@ailis.de>
cc: internals@lists.php.net
In-Reply-To: <4182029F.2040700@ailis.de>
Message-ID: <Pine.LNX.4.58.0410291120310.17719@miranda.org>
References: <41811956.4050405@caedmon.net>  <20041029105149.3b150c7d.tony2001@phpclub.net>
 <24e5f3b704102901044714577f@mail.gmail.com> <4182029F.2040700@ailis.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Re: [PHP-DEV] curl_init() is bypassing safe_mode & open_basedir
 restrictions
From: adam@trachtenberg.com (Adam Maccabee Trachtenberg)

On Fri, 29 Oct 2004, Klaus Reimer wrote:

> Sterling Hughes wrote:
> > no....  curl does not need to respect php's safemode, adding such
> > checks at this level is wrong.  people who compile curl, can do so
> > without local file access, and this will solve their problem.
>
> What about people who use precompiled packages like the Debian packages?
> They don't have a "special" Curl for PHP. The curl debian package will
> never "disable" file-support just because it breaks a feature of PHP. So
> Debian users can't use safemode then if they need the curl extension and
> if they don't want (or don't know how) to compile the stuff.

Safe mode is for people who are running shared servers and want to
wall off areas. If you're doing this, you should be willing and able
to configure programs if necessary. I don't mind making ISP sys admins
configure cURL with a special flag, nor do I think it's too onerous a burden.

-adam

-- 
adam@trachtenberg.com
author of o'reilly's "upgrading to php 5" and "php cookbook"
avoid the holiday rush, buy your copies today!