Derick Rethans wrote: > On Mon, 27 Jun 2005, Yasuo Ohgaki wrote: > > >>I think most of us can agree following statement >> >>"allow_url_fopen = ON" is dangerous and the feature is not >>useful most of the times. > > > I disagree. With proper filtering, or using non-user-supplied > information there is no problem.
I don't have objection to your statement. It could be used safely, but there are many applications that had serious problems even if applications did not require allow_url_fopen to be enabled. I understands one have different opinion to another, so the most acceptable configution for most would be make allow_url_fopen - OFF by default - INI_ALL -- Yasuo Ohgaki -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
