At 12:00 10/7/2002 +0200, Derick Rethans wrote: >On Mon, 7 Oct 2002, Tit "Black" Petric wrote: > > > > Hello, > > > > > > why is this function commented out for Windows? Shouldn't it just always > > > return "TRUE" on WIndows? > > > > > > Derick > > > > shouldnt it only return true on *exe, com, pif, bat, ..? > > > > and i guess on directories if its used that way.. > >No, as for windows everything is executable... see the .scr virusses for >example :)
Yes - and that's why it is a good idea, to either not implement it, or return true. For instance - in a CMS you tipically allow uploads, to a specific location. is_executable, is one of the checks you could implement, to make sure it doesn't overwrite something nasty. On windows this would either fail every file upload or - if you return false - it would allow overwriting of true executables. Of course - since NTSEC has more security layers than standard unix filepermissions, one could argue, that a good server administrator knows how to propogate per- missions in a webtree. In that case, you need to detect NTSEC. Met vriendelijke groeten / With kind regards, Webmaster IDG.nl Melvyn Sopacua <@Logan> I spent a minute looking at my own code by accident. <@Logan> I was thinking "What the hell is this guy doing?" -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
