Hi,

Sorry for my language but i don't speak well english...

I do some tests under windows (with php 5.2.6.6 and apache 2.2.10) and have a security problem with curl.

Like this :

<?php
print "<pre>";
$ch = curl_init('file:///c:\test.txt');
curl_exec ($ch);
curl_close ($ch);
print "</pre>";
?>

...it is possible to bypass the php_admin_value open_basedir and see the contents of file.

I would like to know if it's possible to solve this issue and how to do.

Thanks

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2008-11-06