from their newsletter:
"Lately, the most common method of exploit has been to pass a variable to a PHP script which does not sufficiently check the variable's value. The variable is then used in a "require" or "include" statement, and the variable contents cause malicious code to be fetched from a remote location instead of from a local file, as the author intended. This type of exploit is easily blocked by setting the allow_fopen_url configuration value to "Off." We have recently adopted this change globally; if you have a script that requires the ability to open remote URLs, you can re-enable this functionality. Before doing so, please make sure you are checking all user-supplied data carefully."
On Oct 11, 2004, at 8:17 AM, Greg Donald wrote:
On Mon, 11 Oct 2004 07:24:03 -0700 (PDT), Mag <genphp@xxxxxxxxx> wrote:$url=file_get_contents("http://www.yahoo.com/";);
The thing is, it takes quite some time (2-5 secs) before the contents are in my program (I am using my local webserver on my desktop for testing...not a webserver)
My questions are for you more experienced guys... is there anyway to 'quicken' the process or is this normal? do you recommend anything other than file_get_contents() ? and lastly, is this a resource intensive hog?
The 2-5 seconds is most likely a DNS lookup. You can speed it up by using a local caching DNS server or the IP address, or possibly a DNS server under less load.
file_get_contents() is fairly new and and therefore not very backwards compatible with older PHP installs as a result. It's handy and all, but I found our production servers were running a PHP too old to use it one day last week when I tried.
-- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
