[TYPO3-dev] Small issue with TYPO3 + PHP 5.2.4 curlopt_followlocation warning
christian reiter
cr at cxd.de
Fri Sep 21 17:14:54 CEST 2007
Hello,
The function getUrl in class.t3lib_div.php sets CURLOPT_FOLLOWLOCATION
by default. This leads to a security warning. Configuration: MySQL
5.0.45, PHP 5.2.4, Apache 2.2.6, Solaris 10, running in safe_mode.
The newest PHP release considers CURLOPT_FOLLOWLOCATION to be unsafe
(wich is understandable) and disables it when running safe_mode. Earlier
versions tolerated it even in safe mode.
I think this is perhaps an option which should only be explicitly set
when whoever calls getURL (extension author etc) is aware of possible risks.
Greetings,
Christian
More information about the TYPO3-dev
mailing list