IMO disable allow_url_fopen by default is a bad idea as it would break
multitudes of applications that rely on being open URLs via various PHP
functions like getimagesize(), simplexml_load_file(), etc...
I think Stefan's idea of allowing the setting to be disabled by the
script, but not enabled by it is the best. This way script writers who
know which parts of the app/library do not need the functionality can
explicitly disable it there.
Ilia
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
