There is currently (and probably has been for quite a few releases) a crash bug where allow_url_fopen cannot be set on a per-virtual-host basis. That's because wrappers are only initialized on module init if PG(allow_url_fopen) is set, rather than on request init.
I plan to change it so that wrappers are *always* initialized. So that the allow_url_fopen setting is respected, I'm adding an is_url field to the wrapper structure. If a wrapper has this field set and PG(allow_url_fopen) is not set, the streams system will display a warning stating that URLs are not allowed.

Now, the question is: was the original intention of the allow_url_fopen setting to prevent people from running scripts that contact the network? If so, would it be OK to have the zlib, bzip2 and user-space wrappers classed as not being a URL for the purposes of this security/policy check?

Here's a chart summarizing the new behaviour:

wrapper    allow_url_fopen=on    allow_url_fopen=off
====================================================
http       allowed               disallowed
ftp        allowed               disallowed
bzip2      allowed               allowed
zlib       allowed               allowed
user       allowed               allowed

User-space streams could potentially access the network using fsockopen etc., but I don't think this is an issue because the admin can then disable the use of that function as well.

Are there any reasons against this?

--Wez.

--
Wez Furlong
The Brain Room Ltd.

--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php