From: [EMAIL PROTECTED]
Operating system: Linux
PHP version: 4.0.6
PHP Bug Type: *Configuration Issues
Bug description: "allow_url_fopen = On" disables safe_mode UID check
When I turn off allow_url_fopen in php.ini the safe_mode UID check seems to
be disabled.
With "allow_url_fopen = on" an include("/etc/passwd") returns the following
error:
"The script whose uid is 10000 is not allowed to access /etc/passwd owned
by uid 0"
after I've changed the settings to "allow_url_fopen = off" the inclusion
works fine, so there is no way to prevent customers from including external
files and local system files.
--
Edit bug report at: http://bugs.php.net/?id=13060&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
