* Thus wrote lists: > I"m kinda bummed, I tried to us it last night and discovered I could > not use it because Pair Networks disables the ability, can't include > either. > > from their newsletter: > > "Lately, the most common method of exploit has been to pass a variable > to a PHP script which does not sufficiently check the variable's value. > The variable is then used in a "require" or "include" statement, and > the variable contents cause malicious code to be fetched from a remote > location instead of from a local file, as the author intended. This > type of exploit is easily blocked by setting the allow_fopen_url > configuration value to "Off." We have recently adopted this change > globally; if you have a script that requires the ability to open remote > URLs, you can re-enable this functionality. Before doing so, please > make sure you are checking all user-supplied data carefully."
Pair is only turning this off by default so users are aware of the security implications. It looks like you still have the power to turn it on if you wish. Curt -- Quoth the Raven, "Nevermore." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
