On Sat, 04 Nov 2006 12:40:01 -0800, in php.internals [EMAIL PROTECTED] (Rasmus Lerdorf) wrote:
>Yeah, we probably should. Had a chat with Wez about it too. Here is
>the patch. I think this catches the cases we are interested in:
>
> http://lerdorf.com/php/is_url.diff
>
>If someone could double-check it against those attacks it would be helpful.

Would requests to a smbserver, e.g. \\10.20.30.40\evil\malicious_php_code.txt be prevented as well? It seems like smbserver requests are regarded as part of the default filesystem wrapper.

-- 
- Peter Brodersen
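The concern raised in the reply above, as an added example (not part of the original message and not the patch linked there): a check that only looks for a `scheme://` prefix does not flag a Windows UNC path, so a separate UNC test is needed. The function names and the `path_kind` enum are hypothetical; the sample path is the one from the message.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical classification, not PHP's own types. */
enum path_kind { PATH_LOCAL = 0, PATH_URL = 1, PATH_UNC = 2 };

static int is_sep(char c) { return c == '\\' || c == '/'; }

/* Scheme-only test: true for "scheme://...", which is all a URL check sees. */
int has_url_scheme(const char *path)
{
    const char *p = path;
    if (!isalpha((unsigned char)*p))
        return 0;
    while (isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.')
        p++;
    return strncmp(p, "://", 3) == 0;
}

/* Windows UNC test: two leading separators followed by a server name. */
int is_unc_path(const char *path)
{
    if (!is_sep(path[0]) || !is_sep(path[1]) || path[2] == '\0' || is_sep(path[2]))
        return 0;
    /* \\?\ and \\.\ are device prefixes; only \\?\UNC\server\... is remote. */
    if ((path[2] == '?' || path[2] == '.') && is_sep(path[3])) {
        const char *rest = path + 4;
        return tolower((unsigned char)rest[0]) == 'u' &&
               tolower((unsigned char)rest[1]) == 'n' &&
               tolower((unsigned char)rest[2]) == 'c' && is_sep(rest[3]);
    }
    return 1;
}

/* Treat both URL schemes and UNC paths as non-local include targets. */
enum path_kind classify_include_path(const char *path)
{
    if (has_url_scheme(path)) return PATH_URL;
    if (is_unc_path(path))    return PATH_UNC;
    return PATH_LOCAL;
}

int main(void)
{
    const char *unc = "\\\\10.20.30.40\\evil\\malicious_php_code.txt";
    printf("scheme check: %d, classified: %d\n",
           has_url_scheme(unc), classify_include_path(unc));
    return 0;
}
```

The UNC test only matters on Windows; on POSIX systems a leading `//` is an ordinary local path.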