On 10/05/2004 12:03 PM, Marten Lehmann <lehmann@xxxxxx> wrote: > Hello, > > one account of a user on our webserver was compromised using a feature > of fopen to load external sources. As of the documentation, there shall > be a configure option called "--disable-url-fopen-wrapper". > Unfortunately, this option doesn't seem to exist in 4.3.9. How can I set > a default for allow_url_fopen during the compilation? Or is the only way > to set > > allow_url_fopen=0 > > in the master php.ini? As of PHP 4.3.5, I believe the only way to change allow_url_fopen is via php.ini or httpd.conf. AFAICT, --disable-url-fopen-wrapper disappeared in PHP 4.0.4. Paul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
