why then not have ini as follows: allow_url_(fopen|include)_(local|user|remote) That is 6 for the six cases - or is that too easy?
Because there's no need for 6 settings. Also, what allow_url_include_local is supposed to mean? Why would one prohibit local file access and local includes?
The whole idea of the patch is to make user streams behave more like built-in streams while ensuring that random mistakes in user stream implementation (such as forgetting to check if the URL is local) would not lead the stream to include remote code.
-- Stanislav Malyshev, Zend Products Engineer [EMAIL PROTECTED] http://www.zend.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
