Re: [PHP] allow_url_fopen allow_url_include

Kaushal Shriyan wrote: On Tue, Mar 3, 2009 at 12:21 PM, Kaushal Shriyan kaushalshri...@gmail.com mailto:kaushalshri...@gmail.com wrote: On Tue, Mar 3, 2009 at 11:52 AM, Chris dmag...@gmail.com mailto:dmag...@gmail.com wrote: Kaushal Shriyan wrote: Hi,

Re: [PHP] allow_url_fopen allow_url_include

--- Use FreeOpenSourceSoftwares, Stop piracy, Let the developers live. Get a Free CD of Ubuntu mailed to your door without any cost. Visit : www.ubuntu.com --

Re: [PHP] allow_url_fopen allow_url_include

allow_url_fopen is not a security issue - it only returns the code, it does not execute it. But yes you can use curl instead of relying on allow_url_fopen. Well, allow_url_fopen is really a security issue. A renowned programmer (http://hasin.wordpress.com) said it could even

[PHP] allow_url_fopen allow_url_include

Hi, I have enabled allow_url_fopen allow_url_include in php.ini file. is it a security issue ? please help me understand about its implications. Thanks and Regards Kaushal

Re: [PHP] allow_url_fopen allow_url_include

Kaushal Shriyan wrote: Hi, I have enabled allow_url_fopen allow_url_include in php.ini file. is it a security issue ? allow_url_fopen means you can fetch pages: $page = file_get_contents('http://www.example.com'); This is ok to enable - all it does is fetch the page. It does not execute

Re: [PHP] allow_url_fopen allow_url_include

On Tue, Mar 3, 2009 at 11:52 AM, Chris dmag...@gmail.com wrote: Kaushal Shriyan wrote: Hi, I have enabled allow_url_fopen allow_url_include in php.ini file. is it a security issue ? allow_url_fopen means you can fetch pages: $page = file_get_contents('http://www.example.com'); This

Re: [PHP] allow_url_fopen allow_url_include

On Tue, Mar 3, 2009 at 12:21 PM, Kaushal Shriyan kaushalshri...@gmail.comwrote: On Tue, Mar 3, 2009 at 11:52 AM, Chris dmag...@gmail.com wrote: Kaushal Shriyan wrote: Hi, I have enabled allow_url_fopen allow_url_include in php.ini file. is it a security issue ? allow_url_fopen means