Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:13596 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 27133 invoked by uid 1010); 29 Oct 2004 16:23:48 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 27102 invoked from network); 29 Oct 2004 16:23:47 -0000 Received: from unknown (HELO took.shire) (68.125.98.48) by pb1.pair.com with SMTP; 29 Oct 2004 16:23:47 -0000 Received: (qmail 90991 invoked by uid 1001); 29 Oct 2004 16:26:08 -0000 Date: Fri, 29 Oct 2004 16:26:08 +0000 To: internals@lists.php.net Message-ID: <20041029162608.GE31167@bagend.shire> Mail-Followup-To: internals@lists.php.net References: <41811956.4050405@caedmon.net> <20041029105149.3b150c7d.tony2001@phpclub.net> <24e5f3b704102901044714577f@mail.gmail.com> <20041029122028.2a0e9fa2.tony2001@phpclub.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041029122028.2a0e9fa2.tony2001@phpclub.net> User-Agent: Mutt/1.4.1i Subject: Re: [PHP-DEV] curl_init() is bypassing safe_mode & open_basedir restrictions From: curt@php.net (Curt Zirzow) * Thus wrote Antony Dovgal: > On Fri, 29 Oct 2004 01:04:23 -0700 > Sterling Hughes wrote: > > > no.... curl does not need to respect php's safemode, adding such > > checks at this level is wrong. people who compile curl, can do so > > without local file access, and this will solve their problem. > > agree, curl doesn't need to respect safemode, but PHP does. > we're talking about PHP's extension, right ? One thing I noticed in some testing was the host part in the file:// url has no meaning so: curl_init('file://whateveryouwant/etc/group'); Works fine. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid!