Dmitry Stogov wrote:
This behavior is already implemented in "improved" patch that I sent on Saturday.Thanks. Dmitry.
[snip]
What I mean is: fopen("this_is_not_a_dir_but_a_file/../../../../../../../../etc/passwd", "r"); works because of realpath() and PHP's wrapper.
[snip] Does this change affect code like: include "../file.php"; ? Thanks, Greg -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php