On 5-Nov-06, at 12:13 PM, Rasmus Lerdorf wrote:
Ilia Alshanetsky wrote:
What's to say /drive/smb or letter:// is not an SMB device? Also why
break perfectly valid applications that perform operations on
networked
file systems?
We are only talking about marking them as is_url which doesn't have
anything to do with performing normal operations on networked
filesystems. How many real apps rely on being able to execute code
via
an smb include?
Quite a few since many "real apps" will happily install on an SMB
share in a linux or windows environment. While this is an uncommon
practice on linux I've seen this done many times in the Windows
environment. In linux I have seen this date frequently for backup
purposes (managed by PHP app) where php would create a backup and
write it to the storage machine via SMB. Quite a few big hosters now
offer access to SAN via SMB for backup purposes.
The exact same argument could me made for a localhost
http or ftp include which we also disallow. The fact that someone can
map a remote machine to a local drive actually means that they can
make
sure their app works because then they have pre-configured which hosts
are valid hosts for this use.
Not all users can mount the smb system due to permission restrictions
or simple lack of knowhow on how to do that. While latter can be
solved, solving the former is quite a bit trickier.
Ilia Alshanetsky
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
