Newsgroups: php.internals
Date: Mon, 22 Jan 2007 11:24:11 +0000
From: rquadling@googlemail.com ("Richard Quadling")
Reply-To: RQuadling@GoogleMail.com
To: ceo@l-i-e.com
Cc: "Sara Golemon", internals@lists.php.net
Subject: Re: [PHP-DEV] allow_url_fopen / allow_url_include and fine grained control

Hmm. Yes. I see. Moot indeed.

On 22/01/07, Richard Lynch wrote:
> On Tue, January 16, 2007 7:07 pm, Sara Golemon wrote:
> > allow_url_fopen and allow_url_include continue to accept boolean flags
> > in order to behave just as they do now: true/on allows anything,
> > false/off allows only those wrappers without the is_url bit set.
>
> +1, fwiw.
>
> As far as the "user" being able to implement something otherwise
> dis-allowed...
>
> Well, yeah, they could.
>
> I'm not sure who would really turn off an internal wrapper, then turn
> on "user" then be upset that somebody coded a work-around for a
> blocked internal wrapper... I mean, that just seems like an unlikely
> real-world sequence of events, in any decent work-place...
>
> I suppose if it's the case of malicious code getting executed, there'd
> be a point, but really, once you have arbitrary malicious PHP code
> getting executed on your box, it's kind of moot if they can then
> download more PHP code to execute, isn't it?...
>
> --
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some starving artist.
> http://cdbaby.com/browse/from/lynch
> Yeah, I get a buck. So?
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>

--
-----
Richard Quadling
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
"Standing on the shoulders of some very clever giants!"