How to allow use of fopen and getimagesize on urls without schemes e.g. // instead of http://

Dreaded semicolon asked:

I set open_basedir in the site conf. but I noticed errors “open_basedir restriction in effect” when using getimagesize with uri that start with // instead of http://

how to allow this? Can adding // to open_basedir be a security risk?

My answer:

You need to add the scheme back to the URL yourself. Anything starting with / is read from the local filesystem, and if you added that to open_basedir, it would allow reading the entire filesystem, making it just about the same as turning it off.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.