Send a blank email to [email protected] to get a copy of this message
Hello Wez,
and i thought i was finished with this :-)
Well yeah you could do things like:
marcus@zaphod /usr/src/PHP_5_2 $ php -r "include
'data:;base64,PD9waHAgZWNobyAiSGVsbG8gd29ybGQKIjsgPz4=';"
make: `sapi/cli/php' is up to date.
Hello world
Hey you have a strange sender identification
"[email protected]" which is what i get for the
personal mail that btw doesn't include a subject.
best regards
marcus
Sunday, May 14, 2006, 10:55:59 PM, you wrote:
> Are you sure about that?> Seems to me that this is one case that really should be protected by> allow_url_fopen, as it allows specifying arbitrary data in the> filename.> While this is not quite such a big deal in HEAD, it is in PHP 5.2.> I think this needs further analysis and discussion before we roll PHP 5.2.> --Wez.> On 5/14/06, Marcus Boerger <[email protected]> wrote:>> helly Sun May 14 19:13:17 2006 UTC>>>> Modified files:>> /php-src/main/streams memory.c>> Log:>> - No need to have this controlled by allow_url_fopen>>>> http://cvs.php.net/viewcvs.cgi/php-src/main/streams/memory.c?r1=1.19&r2=1.20&diff_format=u>> Index: php-src/main/streams/memory.c>> diff -u php-src/main/streams/memory.c:1.19 php-src/main/streams/memory.c:1.20>> --- php-src/main/streams/memory.c:1.19 Sun May 14 01:39:24 2006>> +++ php-src/main/streams/memory.c Sun May 14 19:13:17 2006>> @@ -16,7 +16,7 @@>> +----------------------------------------------------------------------+>> */>>>> -/* $Id: memory.c,v 1.19 2006/05/14 01:39:24 helly Exp $ */>> +/* $Id: memory.c,v 1.20 2006/05/14 19:13:17 helly Exp $ */>>>> #define _GNU_SOURCE>> #include "php.h">> @@ -701,7 +701,7 @@>> php_stream_wrapper php_stream_rfc2397_wrapper = {>> &php_stream_rfc2397_wops,>> NULL,>> - 1, /* is_url */>> + 0, /* is_url */>> };>>>> /*>>>> -->> PHP CVS Mailing List (http://www.php.net/)>> To unsubscribe, visit: http://www.php.net/unsub.php>>>>
Best regards,
Marcus