Hmm. Yes. I see. Moot indeed.
On 22/01/07, Richard Lynch <[EMAIL PROTECTED]> wrote:
On Tue, January 16, 2007 7:07 pm, Sara Golemon wrote:
> allow_url_fopen and allow_url_include continue to accept boolean flags
> in order to behave just as they do now: true/on allows anything,
> false/off allows only those wrappers without the is_url bit set.
+1, fwiw.
As far as the "user" being able to implement something otherwise
dis-allowed...
Well, yeah, they could.
I'm not sure who would really turn off an internal wrapper, then turn
on "user" then be upset that somebody coded a work-around for a
blocked internal wrapper... I mean, that just seems like an unlikely
real-world sequence of events, in any decent work-place...
I suppose if it's the case of malicious code getting executed, there'd
be a point, but really, once you have arbitrary malicious PHP code
getting executed on your box, it's kind of moot if they can then
download more PHP code to execute, isn't it?...
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
--
-----
Richard Quadling
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
"Standing on the shoulders of some very clever giants!"
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
