ID: 47444
Updated by: [email protected]
Reported By: the_djmaze at hotmail dot com
-Status: Open
+Status: Feedback
Bug Type: Streams related
Operating System: GNU/Linux
PHP Version: 5.2.9RC2
New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

Previous Comments:
------------------------------------------------------------------------

[2009-02-18 21:19:06] the_djmaze at hotmail dot com

Description:
------------
I have known about this for years, but as of now no one has reported it, so I will.

You can override the security settings of allow_url_fopen and
allow_url_include by using the following functions:

http://php.net/stream_wrapper_register
http://php.net/stream_wrapper_unregister

Due to this you can unregister the HTTP wrapper and register your own.
Then with fsockopen or cURL inside that wrapper you completely override
the security settings.

Reproduce code:
---------------
Wrapper class:
http://dragonflycms.org/cvs/html/includes/classes/http_wrapper.php?v=1.1

<?php
if (!ini_get('allow_url_fopen') && !ini_get('allow_url_include'))
{
    # Force allow_url_fopen=on and allow_url_include=off
    stream_wrapper_unregister('http');
    require('http_wrapper.php');
    stream_wrapper_register('http', 'moo_stream_wrapper_http');
}
getimagesize('http://www.php.net/images/php.gif');
?>

Expected result:
----------------
Warning: getimagesize() [function.getimagesize]: URL file-access is disabled in the server configuration
Warning: getimagesize(http://www.php.net/images/php.gif) [function.getimagesize]: failed to open stream: no suitable wrapper could be found
Warning: getimagesize() [function.getimagesize]: URL file-access is disabled in the server configuration
Warning: getimagesize(http://www.php.net/images/php.gif) [function.getimagesize]: failed to open stream: no suitable wrapper could be found

Actual result:
--------------
success!

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=47444&edit=1
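
Added example, not part of the bug report or of PHP itself: a static check that flags source code which unregisters or re-registers a built-in URL wrapper, the pattern the report describes. The function name find_wrapper_overrides, the list of schemes and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not from the bug report): static check for the pattern above.
const WRAPPER_FUNCS = ['stream_wrapper_register', 'stream_register_wrapper',
                       'stream_wrapper_unregister'];
const URL_SCHEMES = ['http', 'https', 'ftp', 'ftps'];
/** Return [line, function, scheme] for each call that touches a URL wrapper. */
function find_wrapper_overrides(string $source): array
{
    // Tokenize and drop whitespace/comments so neighbouring tokens are adjacent.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        function ($t) use ($skip) { return !is_array($t) || !in_array($t[0], $skip, true); }
    ));
    $findings = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || ($tokens[$i + 1] ?? null) !== '(') {
            continue;
        }
        // Match on token text so "\stream_wrapper_register" is caught too.
        $name = strtolower(ltrim($tok[1], '\\'));
        if (!in_array($name, WRAPPER_FUNCS, true)) {
            continue;
        }
        $arg = $tokens[$i + 2] ?? null;
        if (is_array($arg) && $arg[0] === T_CONSTANT_ENCAPSED_STRING) {
            $scheme = strtolower(trim($arg[1], "'\""));
            if (!in_array($scheme, URL_SCHEMES, true)) {
                continue; // custom scheme: ordinary use of the API
            }
        } else {
            $scheme = '(non-literal, review by hand)';
        }
        $findings[] = [$tok[2], $name, $scheme];
    }
    return $findings;
}

// Constructed sample: the registration lines from the report's reproduce code.
$sample = <<<'SAMPLE'
<?php
stream_wrapper_unregister('http');
require('http_wrapper.php');
stream_wrapper_register('http', 'moo_stream_wrapper_http');
stream_wrapper_register('myproto', 'MyProto'); // custom scheme, not flagged
SAMPLE;
foreach (find_wrapper_overrides($sample) as [$line, $func, $scheme]) {
    echo "line $line: $func() on wrapper $scheme\n";
}
```

Calls made through a variable function name or call_user_func() are not seen by this check. Where no code needs custom wrappers, listing the three functions in php.ini's disable_functions blocks the pattern at runtime.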
