Yasuo Ohgaki in php.internals (Mon, 23 Feb 2015 18:53:10 +0900):
On Mon, Feb 23, 2015 at 6:52 PM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
ini_set('.php .phar .module .etc');
ini_set('zend.script_extensions', '.php .phar .module .etc');
to be correct.
Quote from a Drupal 7 .htaccess:
# Protect
Hi Jan,
On Tue, Feb 24, 2015 at 12:51 AM, Jan Ehrhardt php...@ehrhardt.nl wrote:
Yasuo Ohgaki in php.internals (Mon, 23 Feb 2015 18:53:10 +0900):
On Mon, Feb 23, 2015 at 6:52 PM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
ini_set('.php .phar .module .etc');
ini_set('zend.script_extensions',
Stanislav Malyshev in php.internals (Sun, 22 Feb 2015 14:00:02 -0800):
2. Default configuration would break tons of PHP scripts with extensions
other than .php (very frequent case). The BC break potential of this is
very big as it modifies core functionality.
Exactly my point with the Drupal
Hi Jan,
On Mon, Feb 23, 2015 at 6:32 PM, Jan Ehrhardt php...@ehrhardt.nl wrote:
Stanislav Malyshev in php.internals (Sun, 22 Feb 2015 14:00:02 -0800):
2. Default configuration would break tons of PHP scripts with extensions
other than .php (very frequent case). The BC break potential of this
Hi!
I think this will be the final discussion before vote.
This RFC is to make PHP stronger against script inclusion attacks just like
other languages.
https://wiki.php.net/rfc/script_only_include
I still think this RFC takes a wrong road for the following reasons:
1. Having any code in
Hi Stas,
On Mon, Feb 23, 2015 at 7:00 AM, Stanislav Malyshev smalys...@gmail.com
wrote:
I think this will be the final discussion before vote.
This RFC is to make PHP stronger against script inclusion attacks just
like
other languages.
https://wiki.php.net/rfc/script_only_include
I
Does this have any impact on allow_url_include or has that setting
been retained?
Yes, folk do indeed try to do this, for example hitting up Google:
http://www.quora.com/Why-do-include-and-require_once-not-work-with-remote-files
Paddy
On 21 February 2015 at 01:06, Yasuo Ohgaki
From the RFC:
Patches and Tests
Will be prepared before vote.
The implementation details may determine how some people vote. Is the
patch still coming before the voting is opened?
cheers
Dan
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:
Hi Padraic,
On Sat, Feb 21, 2015 at 5:18 PM, Pádraic Brady padraic.br...@gmail.com
wrote:
Does this have any impact on allow_url_include or has that setting
been retained?
Yes, folk do indeed try to do this, for example hitting up Google:
Hi Dan,
On Sun, Feb 22, 2015 at 12:40 AM, Dan Ackroyd dan...@basereality.com
wrote:
From the RFC:
Patches and Tests
Will be prepared before vote.
The implementation details may determine how some people vote. Is the
patch still coming before the voting is opened?
Yes. The patch will be
Hi all,
I think this will be the final discussion before vote.
This RFC is to make PHP stronger against script inclusion attacks just like
other languages.
https://wiki.php.net/rfc/script_only_include
I hope everyone will like this proposal.
Thank you all who have participated to discussions.
11 matches
Mail list logo