Hi, I've experienced a lot of attacks in my hosting server due to silly users and their scripts with holes. So I prepared this little patch to 4.3.10, which disables using url wrappers in include/include_once/require/require_once statemens (switchable in php.ini). See readme.security from patch patch is there: http://orin.meinlschmidt.org/~znouza/php_patch.txt comments are welcome /tom -- =============================================================================== Tomas Meinlschmidt, SBN3, MCT, MCP, MCP+I, MCSE, NetApp Filer & NetCache gPG fp: CB78 76D9 210F 256A ADF4 0B02 BECA D462 66AB 6F56 / $ID: 66AB6F56 GCS d-(?) s: a- C++ ULHISC*++++$ P+++>++++ L+++$>++++ E--- W+++$ N++(+) !o !K w(---) !O !M V PS+ PE Y+ PGP++ t+@ !5 X? R tv b+ !DI D+ G e>+++ h---- r+++ z+++@ =============================================================================== -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
