ID: 34406
Updated by: [EMAIL PROTECTED]
Reported By: info at bastian-frank dot de
-Status: Open
+Status: Closed
Bug Type: Documentation problem
Operating System: All
PHP Version: Irrelevant
New Comment:
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.
Thank you for the report, and for helping us make our documentation
better.
"Security warning: Remote file may be processed at the remote server
(depending on the file extension and the fact if the remote server runs
PHP or not) but it still has to produce a valid PHP script because it
will be processed at the local server. If the file from the remote
server should be processed there and outputted only, readfile() is much
better function to use. Otherwise, special care should be taken to
secure the remote script to produce a valid and desired code."
+ some notes deleted (will be visible on the mirrors after some time)
Previous Comments:
------------------------------------------------------------------------
[2005-09-07 12:54:47] info at bastian-frank dot de
Description:
------------
In the documentation for "include" the example "include() through HTTP"
gives the wrong impression that including an file with URL wrappers is a
legal alternative to a normal include with local files.
This is wrong because an include with URL wrappers parses the file
twice: By the server when executing the "included" HTTP-request and
once again AFTER including it in the current script.
This is not stated clearly and is confusing for people learning PHP.
The user contributed notes show that there IS confusion and even very
insecure tips ("change the file ending") are given in the notes.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=34406&edit=1
