Hello Ilia,

Wednesday, January 17, 2007, 3:09:15 PM, you wrote:

> On 16-Jan-07, at 8:07 PM, Sara Golemon wrote:
>> allow_url_include has been bashed lately for being "not good
>> enough", and there is a kernel of truth to that, though where the
>> ultimate blame falls is of course a touchy subject.
> Not really, I mean is it so difficult to expect the extension writer
> to know that if they are working with remote streams that they should
> set is_url to 1 rather than 0.

Well, these are two different things. One is a naming issue, where the name of a structure member is more than misleading. On the other hand we have the INI setting, which currently only allows one to choose between all and nothing. That means, if you need to enable one of the external url handlers then you are forced to allow them all and by that lower your security settings. Sara's patch now gives much better control. Regardless of whether extension writers read the docu or not. However, we might want to rename the structure member.

[...]

Best regards,
Marcus

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php