Re: Re: patch to php 4.3.10 to disabling URL wrappers in include like statements

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tell me - how do you want to turn off remote includes and remain remote file working?

allow_url_fopen turns off _both_. There's no choice what to disable

tom

Jason Barnett wrote: 
Tom Z. Meinlschmidt wrote:

Hi,

I've experienced a lot of attacks in my hosting server due to silly users and
their scripts with holes. So I prepared this little patch to 4.3.10, which
disables using url wrappers in include/include_once/require/require_once
statemens (switchable in php.ini). See readme.security from patch

patch is there:

http://orin.meinlschmidt.org/~znouza/php_patch.txt

comments are welcome

/tom



http://php.net/manual/en/ini.php#ini.list

allow_url_fopen = 0


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux