allow_url_include is deprecated but no reason or consequences are given

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

The "Migrating from PHP 7.3.x to 7.4.x" (https://www.php.net/manual/en/migration74.deprecated.php) mentions the deprecation of the php.ini entry 'allow_url_include*'*, but does not give any explanation on the consequences.
Google only pointed me to several stackoverflow links that stated to simply remove it or to sett it to 'off', but nobody explained if this has any side effects/consequences.

So I come here to ask if you can help me:

Is it now on/off by default?
Did PHP remove the functionality completely?
Is there an alternative configuration flag?
I am aware that there are security issues with allow_url_include as mentioned in RFC https://wiki.php.net/rfc/allow_url_include, but this RFC was closed without removing it.

Is there anything that developers need to do/know when simply removing the flag from PHP.ini?

Why do I ask here and not simply try?
The reason why I am asking is because will get an issue in one module of the DVWA project (https://github.com/digininja/DVWA/pulse) and I am not familiar enough with this part to distinguish an hidden error from the intended way this module should work. On the first blink it seems to be okay, but I would like to be sure.

And also this is a documentation issue. A deprecation announcement should have at least two sentences about the consequences and on what to do if you are affected.

Kind regards

Felix Mues


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux