Ilia Alshanetsky wrote: > What's to say /drive/smb or letter:// is not an SMB device? Also why > break perfectly valid applications that perform operations on networked > file systems?
We are only talking about marking them as is_url which doesn't have anything to do with performing normal operations on networked filesystems. How many real apps rely on being able to execute code via an smb include? The exact same argument could me made for a localhost http or ftp include which we also disallow. The fact that someone can map a remote machine to a local drive actually means that they can make sure their app works because then they have pre-configured which hosts are valid hosts for this use. If a bad guy can mount remote filesystems onto your server, then you have bigger problems. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
