From:             [EMAIL PROTECTED]
Operating system: Linux
PHP version:      4.0.6
PHP Bug Type:     *Configuration Issues
Bug description:  "allow_url_fopen = On" disables safe_mode UID check

When I turn off allow_url_fopen in php.ini the safe_mode UID check seems to
be disabled. 

With "allow_url_fopen = on" an include("/etc/passwd") returns the following

"The script whose uid is 10000 is not allowed to access /etc/passwd owned
by uid 0"

after I've changed the settings to "allow_url_fopen = off" the inclusion
works fine, so there is no way to prevent customers from including external
files and local system files.
Edit bug report at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to