2007/5/18, Greg Beaver <[EMAIL PROTECTED]>:
Hi,
I think I have a solution that would allow user streams in PHP 6 and
still satisfy paranoid hosters.
s/paranoid/sane/g
as it is still possible through fsockopen() and
other methods to access the outside world.
with a "tiny" :) difference, remote connections fsockopen() and
friends will not parse and interprate PHP code directly unless the
user eval() it..:)
A firewall is the only way
to truly prevent access to the outside world.
yes, agree, but the remote "include" feature just make unintentional
mistakes easy, if you look real life code that uses the url_include
thingy.. in the 99% they meant readfile() ..ohh but what about fopen +
eval ? well in that case the user will **always** want to eval()
**explicitely** and there is nothing that PHP can do to avoid that
stupiduty..
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
