[2007-02-13 18:33 UTC] nlopess@php.net
[2007-02-20 17:46 UTC] antispam at brokenhill dot net
Last updated: Fri Oct 24 07:00:01 2025 UTC
Description:
------------
One thing that seems clear from my experience, but which is not documented, is that ftp_ssl_connect silently falls back to ftp_connect if ftps is not available.

Test case: make an ftps connection to a server which does not support ftps. You will still get a connection and be able to use all ftp_ functions. The connection will simply fall back to ftp_connect.

This should be documented as it could lead to a false sense of security.

Reproduce code:
---------------
public function connect($host, $user, $pass, $type = self::FTP)
{
    $this->_host = $host;
    $this->_user = $user;
    $this->_pw   = $pass;
    $this->_type = $type;

    // Request FTPS when asked for; otherwise use plain FTP.
    if ($this->_type == self::FTPS) {
        $this->_conn = ftp_ssl_connect($this->_host);
    } else {
        $this->_conn = ftp_connect($this->_host);
    }

    // Check the connection before attempting to log in on it.
    if (!$this->_conn) {
        cx_log("Could not connect to FTP server", __FUNCTION__, __FILE__, CX_ERR_CRITICAL);
        return FALSE;
    }

    $loginResult = ftp_login($this->_conn, $this->_user, $this->_pw);
    if (!$loginResult) {
        cx_log("Could not login to FTP server", __FUNCTION__, __FILE__, CX_ERR_CRITICAL);
        return FALSE;
    }

    return TRUE;
}

Expected result:
----------------
I would expect to have an ftps connection made, or an error stating that ftps is not available.

Actual result:
--------------
Instead it silently gives me an ftp_connect (non SSL) connection, which leads to a false sense of security. Found this out by running tcpdump and seeing that nothing was encrypted.
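Added example (not part of the bug report and not PHP's own code): one way to catch the situation described above is to ask the server for explicit TLS yourself and fail closed unless it answers AUTH TLS with reply code 234 (RFC 4217). The helper names readFtpReplyCode, serverAcceptsAuthTls and hostAcceptsAuthTls are hypothetical, and the server replies in the demo are constructed.

```php
<?php
// Added example; helper names and sample replies are constructed for illustration.

/** Read one FTP reply (multi-line allowed, RFC 959). Returns its code, 0 on EOF/timeout. */
function readFtpReplyCode($stream): int
{
    $open = null; // code that opened a multi-line reply, if any
    while (($line = fgets($stream, 4096)) !== false) {
        if (!preg_match('/^(\d{3})([ -]|$)/', rtrim($line, "\r\n"), $m)) {
            continue; // free-form text inside a multi-line reply
        }
        if ($m[2] === '-') {
            $open ??= $m[1]; // "NNN-text" opens or continues a multi-line reply
        } elseif ($open === null || $open === $m[1]) {
            return (int) $m[1]; // "NNN text" ends the reply
        }
    }
    return 0;
}

/** True only if the server greets with 220 and answers AUTH TLS with 234. */
function serverAcceptsAuthTls($stream): bool
{
    if (readFtpReplyCode($stream) !== 220) {
        return false;
    }
    fwrite($stream, "AUTH TLS\r\n");
    return readFtpReplyCode($stream) === 234;
}

/** Probe a live server's control port; any connection error counts as "no TLS". */
function hostAcceptsAuthTls(string $host, int $port = 21, int $timeout = 10): bool
{
    $sock = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($sock === false) {
        return false;
    }
    stream_set_timeout($sock, $timeout);
    $ok = serverAcceptsAuthTls($sock);
    fclose($sock);
    return $ok;
}

// Offline demo (Unix socket pair): constructed replies from a server that rejects AUTH.
[$client, $server] = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
fwrite($server, "220-Welcome\r\n220 ready\r\n500 AUTH not understood\r\n");
stream_set_timeout($client, 1);
var_dump(serverAcceptsAuthTls($client));
fclose($client);
fclose($server);
```

In connect(), hostAcceptsAuthTls($host) can gate the ftp_ssl_connect() branch so that a server without FTPS produces an error instead of a session. The probe uses its own control connection, so it confirms what the server offers rather than proving that a particular later session was encrypted.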