PHP :: Doc Bug #36622 :: fopen() wrappers accessible per se

Doc Bug #36622	fopen() wrappers accessible per se
Submitted:	2006-03-05 22:30 UTC	Modified:	2006-03-26 04:32 UTC
From:	php-bug at t43 dot mine dot nu	Assigned:
Status:	Not a bug	Package:	Documentation problem
PHP Version:	5.1.2	OS:	all
Private report:	No	CVE-ID:	None

View Developer Edit

[2006-03-05 22:30 UTC] php-bug at t43 dot mine dot nu

Description:
------------
The protocol:// wrappers are availabe only thru fopen() and similar calls, right now, which can be unsafe... 
It would be great if they where callable by themselfes, as not everyone will easily write the protocols. They can be useful despite allow_url_fopen .

(In other words, allow_url_fopen=false will block fopen(), but does not hinder the knowing of doing it manually, however hinders the less knowing of securing fopen() easily AND using explicitely wrappers. I'm in this situation.)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-03-05 23:42 UTC] php-bug at t43 dot mine dot nu

Maybe I was not writing too clear. I would like to access the protocol wrappers one way or the other, but not only mangled into fopen(). It would love to say allow_url_fopen=Off, and still do ftp/http->stream_open (ftp/http://host.tld/myfile.txt) for example.

I looked into Streams (chapter CXLV. Stream Functions), but there the wrappers, or the class names of the wrappers, or the objects, are not available for use.

[2006-03-26 00:48 UTC] php-bug at t43 dot mine dot nu

Delving into source code, 
main/streams/plain_wrapper.c
ext/standard/basic_functions.c
ext/standard/http_fopen_wrapper.c

it becomes obvious that the predefined streams (file, http,..) are not made in php with stream_register_wrapper('protocol',php_class), and therefore there is no class of which a new instance could be simply created.

http_fopen_wrapper.c teaches me that it would be not trivial to do http myself.

[2006-03-26 03:43 UTC] php-bug at t43 dot mine dot nu

I believe http:// and ftp:// can be done using CURL, gzip is also available directly.

Just a question of documentation and helpful books (which  aren't) thru the phpmaze.

[2006-03-26 04:21 UTC] php-bug at t43 dot mine dot nu

file:// und php:// are documented as unrestricted by allow_url_fopen, see appendix M, tables M-1 and M-6. However there is a bug in Windows consisting in that file:// is restricted in Windows when allow_url_fopen=Off. 

http:// and ftp:// are available thru CURL in similar ways as thru fopen(), just there is no example for FTP in the PHP Manual, only for http:// .

[2006-03-26 04:32 UTC] php-bug at t43 dot mine dot nu

Above is not true. file:// and php:// coexist with allow_url_fopen=Off.

I give up. Take the bug# as how difficult it is... for a newcomer.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Nov 09 09:00:01 2025 UTC