Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:26335
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.162 as permitted sender)
Message-ID: <454D7BE9.7040004@zend.com>
Date: Sat, 04 Nov 2006 21:51:37 -0800
Organization: Zend Technologies
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: Peter Brodersen <penguin@php.net>
CC: Rasmus Lerdorf <rasmus@lerdorf.com>,  internals@lists.php.net
References: <454C5E50.4030108@zend.com> <454CFAA1.10104@lerdorf.com> <aqvpk2df25h8lc2s6326i8igoh20uj6q1v@4ax.com>
In-Reply-To: <aqvpk2df25h8lc2s6326i8igoh20uj6q1v@4ax.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] allow_url_include and php:/data:
From: stas@zend.com (Stanislav Malyshev)

> Would requests to a smbserver, e.g.
> \\10.20.30.40\evil\malicious_php_code.txt be prevented as well? It
> seems like smbserver requests are regarded as part of the default
> filesystem wrapper.

Good point. Generally I'd say it belongs to the OS, but I'm not sure if 
you can restrict this from OS side?

-- 
Stanislav Malyshev, Zend Products Engineer
stas@zend.com  http://www.zend.com/