On Fri, 29 Oct 2004 16:26:08 +0000
Curt Zirzow <[EMAIL PROTECTED]> wrote:
> * Thus wrote Antony Dovgal:
> > On Fri, 29 Oct 2004 01:04:23 -0700
> > Sterling Hughes <[EMAIL PROTECTED]> wrote:
> >
> > > no.... curl does not need to respect php's safemode, adding such
> > > checks at this level is wrong. people who compile curl, can do so
> > > without local file access, and this will solve their problem.
> >
> > agree, curl doesn't need to respect safemode, but PHP does.
> > we're talking about PHP's extension, right ?
>
> One thing I noticed in some testing was the host part in the
> file:// url has no meaning so:
>
> curl_init('file://whateveryouwant/etc/group');
yup, I see it now.
I can change the patch to check this too.
Currently I'm waiting for Sterling's response.
It's senseless to add any additional checks if he still considers
that adding such things is wrong.
--
Wbr,
Antony Dovgal aka tony2001
[EMAIL PROTECTED] || [EMAIL PROTECTED]
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
