cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Re: open_basedir and curl

From: haroon ahmad <haroon_at_fastcreators.com>
Date: Thu, 6 Nov 2008 14:55:26 +0500

No, you cannot by pass open_basedir restriction. If you are Admin then you
can disable it, otherwise you should not try to do this morally and legally
:).

You can enable it for few domains and restrict others.

Haroon Ahmad
www.haroonahmad.co.uk

2008/11/6 curl <curl_at_mailbox.podzone.org>

> Hi,
>
> Sorry for my language but i don't speak well english...
>
> I do some tests under windows (with php 5.2.6.6 and apache 2.2.10) and
> have a security problem with curl.
>
> Like this :
>
> <?php
> print "<pre>";
> $ch = curl_init('file:///c:\test.txt');
> curl_exec ($ch);
> curl_close ($ch);
> print "</pre>";
> ?>
>
> ...it is possible to bypass the php_admin_value open_basedir and see the
> contents of file.
>
> I would like to know if it's possible to solve this issue and how to do.
>
> Thanks
>
> _______________________________________________
> http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
>
>

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2008-11-06

This message: [ Message body ]
Next message: curl: "Re: open_basedir and curl"
Previous message: Daniel Stenberg: "Re: open_basedir and curl"
In reply to: curl: "open_basedir and curl"
Next in thread: curl: "Re: open_basedir and curl"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]