Consortium News
Promotional Links
Please support us by providing a link to the PHP Security Consortium on your web site. You can also use our promotional image:

PhpSecInfo Test Information

file_support

Test Description

This tests to see if the user is running PHP 5.1.6 or higher, which fixes a vulnerability in the cURL library.

Security Implications

Older versions of the curl library shipped with PHP allowed it to bypass the restrictions put in place by open_basedir or safe_mode using a file:// URL.

Recommendations

You should always be running the newest version of PHP. Check php.net for the most recent release. If you're installing PHP via a package manager, contact your OS vendor and ask them to start using the newest PHP release.

More Information

« Test information index

Get PhpSecInfo