mike            Mon Jul 24 12:15:28 2006 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src    README.UPDATE_5_2 
  Log:
  - note about allow_url_include
  
http://cvs.php.net/viewvc.cgi/php-src/README.UPDATE_5_2?r1=1.1.2.6&r2=1.1.2.7&diff_format=u
Index: php-src/README.UPDATE_5_2
diff -u php-src/README.UPDATE_5_2:1.1.2.6 php-src/README.UPDATE_5_2:1.1.2.7
--- php-src/README.UPDATE_5_2:1.1.2.6   Sun Jul 23 18:51:23 2006
+++ php-src/README.UPDATE_5_2   Mon Jul 24 12:15:28 2006
@@ -40,3 +40,12 @@
   no longer work for a file with the name 'data' accessed without any path. IF
   you need to do so you have to prefix the filename with the "file:" protocol.
   For the functionality itself look here http://www.faqs.org/rfcs/rfc2397.html.
+
+- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus)
+
+  With this option one can now distinguish between standard file operations on
+  remote files and inclusion of remote files.  While the former is usually
+  desired, the latter implies security risks if used naivly.  Starting with
+  PHP-5.2 it is now possible to allow standard file operations while
+  dissalowing inclusion of remote files, which will also be the default
+  configuration.

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to