mike Mon Jul 24 12:15:28 2006 UTC Modified files: (Branch: PHP_5_2) /php-src README.UPDATE_5_2 Log: - note about allow_url_include http://cvs.php.net/viewvc.cgi/php-src/README.UPDATE_5_2?r1=1.1.2.6&r2=1.1.2.7&diff_format=u Index: php-src/README.UPDATE_5_2 diff -u php-src/README.UPDATE_5_2:1.1.2.6 php-src/README.UPDATE_5_2:1.1.2.7 --- php-src/README.UPDATE_5_2:1.1.2.6 Sun Jul 23 18:51:23 2006 +++ php-src/README.UPDATE_5_2 Mon Jul 24 12:15:28 2006 @@ -40,3 +40,12 @@ no longer work for a file with the name 'data' accessed without any path. IF you need to do so you have to prefix the filename with the "file:" protocol. For the functionality itself look here http://www.faqs.org/rfcs/rfc2397.html. + +- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus) + + With this option one can now distinguish between standard file operations on + remote files and inclusion of remote files. While the former is usually + desired, the latter implies security risks if used naivly. Starting with + PHP-5.2 it is now possible to allow standard file operations while + dissalowing inclusion of remote files, which will also be the default + configuration.
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php