Hi Jan, On Sun, Feb 22, 2015 at 12:33 AM, Jan Ehrhardt <php...@ehrhardt.nl> wrote:
> Yasuo Ohgaki in php.internals (Sat, 21 Feb 2015 10:06:24 +0900): > >I think this will be the final discussion before vote. > >This RFC is to make PHP stronger against script inclusion attacks just > like > >other languages. > > > >https://wiki.php.net/rfc/script_only_include > > > >I hope everyone will like this proposal. > > Am I correct in assuning that files with extensions like .inc, .install, > .module will not be included by default anymore if this RFC is accepted? > And that only a change in the php.ini can make those files includable? > > Drupal uses files like these, even in Drupal 8 beta. Would not that be a > big obstacle for installing Drupal, especially at shared hosters where > the user has no control over php.ini? > I forgot to write INI type. The INI is INI_ALL, so users may use any filename extensions. I added. Thank you. -- Yasuo Ohgaki yohg...@ohgaki.net
