I got anonyed that the dev php response to this was curl's issue and to turn off curl local file access so here is a hax work around i wrote maybe they will get off there arses and submit something like this in the next release. in ext/curl/curl.c, add the following to the function "PHP_FUNCTION(curl_init)". char *newurl;
<this goes after the argc check>
newurl=estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
if(strncmp(newurl,file://,7)==0)
{
memmove(newurl,newurl+7,strlen(newurl)-7);
newurl[strlen(newurl)-7+1]='\0';
if
(php_check_open_basedir(newurl TSRMLS_CC))
{
RETURN_FALSE;
}
}
|
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html