Stanislav Malyshev wrote:
> Hi!
>
>> Alternatively include() could be extended to allow resources, so the
>> above would turn info
>>
>> if ($fp = @fopen($file, 'r', true)) {
>> include($fp);
>> fclose($fp);
>> }
>
> This would break security distinction between file ops and include ops,
> when URLs are allowed for open but not include.
Yes, I was going to say, this sounds like a very bad idea security-wise.
We'd be back to the local vs. remote resource identification problem.
-Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
