Hello Dmitry,

While you are fixing realpath(), it might be a good idea to fix the
../ nonsense.

What I mean is:

fopen("this_is_not_a_dir_but_a_file/../../../../../../../../etc/passwd", "r");

works because of realpath() and PHP's wrapper.

Same for

fopen("this_is_not_existing/../../../../../../../../etc/passwd", "r");

Both are madness...


Stefan

-- 
PHP Internals - PHP Runtime Development Mailing List
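The behaviour described in the message above, turned into a userland check. This is an added example, not part of the original message and not PHP's own code: strict_resolve() is a hypothetical helper that assumes POSIX-style paths and refuses to collapse ".." unless the component being stepped out of is an existing directory.

```php
<?php
/**
 * Hypothetical helper (added example, not PHP's own code).
 * Resolves $path but rejects ".." unless the prefix being stepped out of
 * is an existing directory, so it is never collapsed purely lexically.
 *
 * @return string|false absolute path with ".." resolved, or false if rejected
 */
function strict_resolve(string $path)
{
    if ($path === '') {
        return false;
    }
    if ($path[0] !== '/') {
        $path = getcwd() . '/' . $path;       // assumption: POSIX-style paths
    }
    $current = '/';
    foreach (explode('/', $path) as $part) {
        if ($part === '' || $part === '.') {
            continue;
        }
        if ($part === '..') {
            // realpath() here only sees a prefix without ".." in it; it
            // resolves symlinks and returns false if the prefix is missing.
            $real = realpath($current);
            if ($real === false || !is_dir($real)) {
                return false;                 // "file/.." or "missing/.."
            }
            $current = dirname($real);
            continue;
        }
        $current = rtrim($current, '/') . '/' . $part;
    }
    return $current;
}

// Constructed demo input: one temporary regular file, one missing name.
$tmp  = sys_get_temp_dir();
$file = tempnam($tmp, 'notdir');
$cases = [
    $file . '/../../../../../../../../etc/passwd',
    $tmp . '/this_is_not_existing/../../../../../../../../etc/passwd',
    $tmp . '/../etc/passwd',                  // ".." after a real directory
];
foreach ($cases as $p) {
    $r = strict_resolve($p);
    printf("%s => %s\n", $p, $r === false ? 'rejected' : $r);
}
unlink($file);
```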