mike Mon Jul 24 12:15:28 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src README.UPDATE_5_2
Log:
- note about allow_url_include
http://cvs.php.net/viewvc.cgi/php-src/README.UPDATE_5_2?r1=1.1.2.6&r2=1.1.2.7&diff_format=u
Index: php-src/README.UPDATE_5_2
diff -u php-src/README.UPDATE_5_2:1.1.2.6 php-src/README.UPDATE_5_2:1.1.2.7
--- php-src/README.UPDATE_5_2:1.1.2.6 Sun Jul 23 18:51:23 2006
+++ php-src/README.UPDATE_5_2 Mon Jul 24 12:15:28 2006
@@ -40,3 +40,12 @@
no longer work for a file with the name 'data' accessed without any path. IF
you need to do so you have to prefix the filename with the "file:" protocol.
For the functionality itself look here http://www.faqs.org/rfcs/rfc2397.html.
+
+- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus)
+
+ With this option one can now distinguish between standard file operations on
+ remote files and inclusion of remote files. While the former is usually
+ desired, the latter implies security risks if used naivly. Starting with
+ PHP-5.2 it is now possible to allow standard file operations while
+ dissalowing inclusion of remote files, which will also be the default
+ configuration.
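Review bot: The added paragraph has two spelling errors, "naivly" (should be "naively") and "dissalowing" (should be "disallowing"), and its closing clause "which will also be the default configuration" never gives the actual ini values. Since this is an upgrade note, state the defaults explicitly (the value of allow_url_include and the allow_url_fopen value it is paired with) and name the constructs that count as "inclusion", so a reader upgrading from 5.1 can tell which existing code stops working. It would also help to say whether allow_url_include has any effect when allow_url_fopen is disabled, since the entry describes the new directive only as a "complement" to it.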
--
PHP CVS Mailing List (http://www.php.net/)