I can't see any conceivable benefit to this restriction when using
open_basedir, as I thought that related to the local file system - unless CURL
can use file:// URLs to access the local system?
That's the problem.
I always use open_basedir (not all the sites on my servers are safe
enough). And that so called security restriction just makes me fury
(unless I don't see significant reasons for it). So, in order not to
irritate my nervous system every time somebody asks me to unset
open_basedir for CURL I decided to find the roots of that PHP
developers' action.
And I don't think it's related to the local file system: there is
another option that restricts protocols while redirecting,
CURLOPT_REDIR_PROTOCOLS, which allows by default all the protocols
supported by CURL, but file and scp. So this kind of restriction (do not
follow file:// while redirecting) would make sense, but not disabling
FOLLOWLOCATION at all. Either they had a better reason or they messed up
a bit :)
Still trying to find a better explanation.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
