Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:45999
Return-Path: <stas@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 69241 invoked from network); 10 Nov 2009 18:17:07 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 10 Nov 2009 18:17:07 -0000
Authentication-Results: pb1.pair.com smtp.mail=stas@zend.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=stas@zend.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.185 as permitted sender)
X-PHP-List-Original-Sender: stas@zend.com
X-Host-Fingerprint: 212.25.124.185 il-mr1.zend.com  
Received: from [212.25.124.185] ([212.25.124.185:58840] helo=il-mr1.zend.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 73/B5-38546-12EA9FA4 for <internals@lists.php.net>; Tue, 10 Nov 2009 13:17:07 -0500
Received: from us-gw1.zend.com (unknown [192.168.16.5])
	by il-mr1.zend.com (Postfix) with ESMTP id BAB2050467;
	Tue, 10 Nov 2009 20:04:32 +0200 (IST)
Received: from [192.168.27.1] ([192.168.27.1]) by us-gw1.zend.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Tue, 10 Nov 2009 10:17:00 -0800
Message-ID: <4AF9AE1A.9000005@zend.com>
Date: Tue, 10 Nov 2009 10:16:58 -0800
Organization: Zend Technologies
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Christian Schneider <cschneid@cschneid.com>
CC: Lukas Kahwe Smith <mls@pooteeweet.org>, 
 PHP Developers Mailing List <internals@lists.php.net>
References: <413588E2-8AC8-49F7-B7BF-97BEFB0A71E4@pooteeweet.org> <4AF9A03E.8000207@cschneid.com>
In-Reply-To: <4AF9A03E.8000207@cschneid.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 10 Nov 2009 18:17:00.0304 (UTC) FILETIME=[FEE85900:01CA6231]
Subject: Re: [PHP-DEV] Re: alternative to the fopen() hack in autoloaders
From: stas@zend.com (Stanislav Malyshev)

Hi!

> Alternatively include() could be extended to allow resources, so the
> above would turn info
> 
> if ($fp = @fopen($file, 'r', true)) {
> 	include($fp);
> 	fclose($fp);
> }

This would break security distinction between file ops and include ops, 
when URLs are allowed for open but not include.

-- 
Stanislav Malyshev, Zend Software Architect
stas@zend.com   http://www.zend.com/
(408)253-8829   MSN: stas@zend.com