cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Re: open_basedir and curl

From: curl <curl_at_mailbox.podzone.org>
Date: Thu, 06 Nov 2008 11:36:01 +0100

Daniel Stenberg a �crit : On Thu, 6 Nov 2008, curl wrote:

    $ch = curl_init('file:///c:\test.txt');

...it is possible to bypass the php_admin_value open_basedir and see the contents of file.

I would like to know if it's possible to solve this issue and how to do.

  Why enable file:// support in libcurl at all if you don't want it?

  And if PHP has a dynamic way that should prevent access to such URLs, it should prevent access to them in the libcurl binding layer I would say.

    Sorry but i don't know how to disable file:// support in libcurl...i need to recompile php_curl.dll without file:// support ? Are you saying that ? :)

haroon ahmad a �crit :
No, you cannot by pass open_basedir restriction. Yes i can ! that's the problem :)

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2008-11-06

This message: [ Message body ]
Next message: curl: "Re: open_basedir and curl"
Previous message: haroon ahmad: "Re: open_basedir and curl"
Maybe in reply to: curl: "open_basedir and curl"
Next in thread: curl: "Re: open_basedir and curl"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]