From: [EMAIL PROTECTED] Operating system: Linux PHP version: 4.2.3 PHP Bug Type: *General Issues Bug description: safe_mode allows include-ing of http documents
I believe PHP with safe_mode enabled should not allow include-ing of files via http:// or any other remote means, if it will not allow based on permissions and open_basedir and such. The relevand portion of httpd.conf: php_admin_flag safe_mode on php_admin_value open_basedir /home/web/www.tras.pl/ php_admin_value doc_root /home/web/www.tras.pl/www/ php_admin_value safe_mode_exec_dir /usr/local/php/bin test script at: http://www.tras.pl/test-safe.php source at: http://www.tras.pl/test-safe.txt -- Edit bug report at http://bugs.php.net/?id=19703&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=19703&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=19703&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=19703&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=19703&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=19703&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=19703&r=support Expected behavior: http://bugs.php.net/fix.php?id=19703&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=19703&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=19703&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=19703&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=19703&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=19703&r=dst
