cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Re: open_basedir and curl

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 6 Nov 2008 10:49:12 +0100 (CET)

On Thu, 6 Nov 2008, curl wrote:

> $ch = curl_init('file:///c:\test.txt');
>
> ...it is possible to bypass the php_admin_value open_basedir and see the
> contents of file.
>
> I would like to know if it's possible to solve this issue and how to do.

Why enable file:// support in libcurl at all if you don't want it?

And if PHP has a dynamic way that should prevent access to such URLs, it
should prevent access to them in the libcurl binding layer I would say.

-- 
  / daniel.haxx.se
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php

Received on 2008-11-06

This message: [ Message body ]
Next message: haroon ahmad: "Re: open_basedir and curl"
Previous message: curl: "open_basedir and curl"
In reply to: curl: "open_basedir and curl"
Next in thread: haroon ahmad: "Re: open_basedir and curl"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]