Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:39842 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 23205 invoked from network); 11 Aug 2008 21:41:37 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 11 Aug 2008 21:41:37 -0000 Authentication-Results: pb1.pair.com header.from=greg@chiaraquartet.net; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=greg@chiaraquartet.net; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain chiaraquartet.net from 208.83.222.18 cause and error) X-PHP-List-Original-Sender: greg@chiaraquartet.net X-Host-Fingerprint: 208.83.222.18 unknown Linux 2.6 Received: from [208.83.222.18] ([208.83.222.18:58745] helo=mail.bluga.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 6F/B4-30561-F02B0A84 for ; Mon, 11 Aug 2008 17:41:36 -0400 Received: from mail.bluga.net (localhost.localdomain [127.0.0.1]) by mail.bluga.net (Postfix) with ESMTP id 7EAD594DC9C; Mon, 11 Aug 2008 14:41:24 -0700 (MST) Received: from [172.20.1.107] (63-254-99-130.ip.mcleodusa.net [63.254.99.130]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.bluga.net (Postfix) with ESMTP id 18A5F94DC97; Mon, 11 Aug 2008 14:41:24 -0700 (MST) Message-ID: <48A0B1FB.6080604@chiaraquartet.net> Date: Mon, 11 Aug 2008 16:41:15 -0500 User-Agent: Thunderbird 2.0.0.16 (Windows/20080708) MIME-Version: 1.0 To: Dmitry Stogov CC: internals@lists.php.net References: <4899C4B4.3060902@liip.ch> <1218138548.5346.3.camel@felipe> <489B5285.1070000@lerdorf.com> <200808072237.01841.arnaud.lb@gmail.com> <7f3ed2c30808080011l3c62d416k7fd9b4dd455df99e@mail.gmail.com> <489C6BBA.8030101@zend.com> <489D811D.6090401@sektioneins.de> <489E3623.50008@lerdorf.com> <489FD934.8090905@zend.com> In-Reply-To: <489FD934.8090905@zend.com> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP Subject: Re: [PHP-DEV] include bug in 5.3 From: greg@chiaraquartet.net (Greg Beaver) Dmitry Stogov wrote: > This behavior is already implemented in "improved" patch that I sent on > Saturday. > > Thanks. Dmitry. [snip] >>> What I mean is: >>> >>> fopen("this_is_not_a_dir_but_a_file/../../../../../../../../etc/passwd", >>> "r"); >>> >>> works because of realpath() and PHP's wrapper. [snip] Does this change affect code like: include "../file.php"; ? Thanks, Greg