At 19:16 17/08/2001 +0300, Stanislav Malyshev wrote:
>ZS>> While we're at it, I think that we should also take another
>ZS>> recommendation from the advisory that brought this mess upon us
>ZS>> - and turn URL fopens off by default.
>
>Well, generally I personally would even go further and make two functions
>- one for file-only fopen (about 90% of fopen usage?) and another which
>would open everything and the kitchen://sink. Or make some switch, etc. -
>configuration option doesn't seem to me fit here, it's not per-server but
>per-script property if you want URL fopens or not.
*** Consider a mutli-user environment, like an ISP, where many users can
script on the same server.
In that case, we need a system-wide configuration flag.
However, I agree with you that some cases may require having
allow_url_fopen On while preventing most of the others from using it.
I think that case is not depending on PHP but rather on a correctly
implemented httpd server.
hellekin
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
