[TYPO3-dev] Small issue with TYPO3 + PHP 5.2.4 curlopt_followlocation warning
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Fri Sep 21 21:17:45 CEST 2007
christian reiter schrieb:
> Hello,
>
> The function getUrl in class.t3lib_div.php sets CURLOPT_FOLLOWLOCATION
> by default. This leads to a security warning. Configuration: MySQL
> 5.0.45, PHP 5.2.4, Apache 2.2.6, Solaris 10, running in safe_mode.
>
> The newest PHP release considers CURLOPT_FOLLOWLOCATION to be unsafe
> (wich is understandable) and disables it when running safe_mode. Earlier
> versions tolerated it even in safe mode.
>
> I think this is perhaps an option which should only be explicitly set
> when whoever calls getURL (extension author etc) is aware of possible
> risks.
Have a look at the bug tracker.
Masi
More information about the TYPO3-dev
mailing list