Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:26387
Return-Path: <stas@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 61331 invoked by uid 1010); 6 Nov 2006 19:03:22 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 61316 invoked from network); 6 Nov 2006 19:03:22 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Nov 2006 19:03:22 -0000
Authentication-Results: pb1.pair.com smtp.mail=stas@zend.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=stas@zend.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.162 as permitted sender)
X-PHP-List-Original-Sender: stas@zend.com
X-Host-Fingerprint: 212.25.124.162 mail.zend.com Linux 2.5 (sometimes 2.4) (4)
Received: from [212.25.124.162] ([212.25.124.162:43012] helo=mail.zend.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 8A/B0-34853-7F68F454 for <internals@lists.php.net>; Mon, 06 Nov 2006 14:03:21 -0500
Received: (qmail 14321 invoked from network); 6 Nov 2006 19:01:51 -0000
Received: from office.zend.office (HELO ?127.0.0.1?) (192.168.16.109)
  by internal.zend.office with SMTP; 6 Nov 2006 19:01:51 -0000
Message-ID: <454F86F9.6060104@zend.com>
Date: Mon, 06 Nov 2006 11:03:21 -0800
Organization: Zend Technologies
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To:  ceo@l-i-e.com
CC:  internals@lists.php.net
References: <454C5E50.4030108@zend.com> <454CFAA1.10104@lerdorf.com>    <aqvpk2df25h8lc2s6326i8igoh20uj6q1v@4ax.com>    <1EA6BEDC-ED17-4FE7-BDB1-B5E5C4FC4BFB@prohost.org>    <4e89b4260611050813x42dc16fq74fc6ee240a0038d@mail.gmail.com>    <2D1DBDC4-F023-43D1-8A9E-BAB953504BCB@prohost.org>    <ps4sk2lcrq4eqmcm3o23bh3q1piko4qsl4@4ax.com>    <0936D8A3-72A3-4BD9-8394-AA0BC2193F56@prohost.org>    <454E1BC0.5070009@lerdorf.com> <24265.208.195.234.246.1162838775.squirrel@www.l-i-e.com>
In-Reply-To: <24265.208.195.234.246.1162838775.squirrel@www.l-i-e.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] allow_url_include and php:/data:
From: stas@zend.com (Stanislav Malyshev)

> But, really, can somebody be both smart enough to get SMB to even
> work, then manage to mount somebody else's untrusted drive or be dumb
> enough to let somebody else mount their own SMB drive, and then
> include() it i their PHP code?  How likely is this scenario?

AFAIK, in order to use \\IP\share\file you do not need to do anything 
for the client machine on windows - it would work out of the box 
provided target computer allows anonymous SMB and TCP/IP access to it is 
available. You do not need to mount it or anything. It would take some 
skill to set the SMB server, but not much more than setting http
server.
Setting it as a drive letter, however, requires some client effort, so I 
think it's where the line should be drawn - letter OK, \\IP not OK. It's 
also something we can easily do :)

-- 
Stanislav Malyshev, Zend Products Engineer
stas@zend.com  http://www.zend.com/