Hi!
> require('cuteponies.gif) wouldn't work with this RFC.
> move_uploaded_files() prohibits uploading PHP script.
You seem not to be reading the scenario. The include URL would be
phar://cuteponies.gif/pwnd.php and the uploaded file would be
cuteponies.gif. Your protection would not stop moving .gif file, and
your filename check would pass phar://cuteponies.gif/pwnd.php since it
ends in .php.
--
Stas Malyshev
[email protected]
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
