On Jul 28, 2005, at 9:21 AM, Ilia Alshanetsky wrote:
Zeev Suraski wrote:
At 01:50 AM 7/28/2005, Ilia Alshanetsky wrote:
Are you therefore saying SOAP support should be 100% disabled when
allow_url_fopen is off?
SOAP is not disabled, simply prevented from querying remote data
sources directly.
What exactly can you do with it other than query remote data sources?
I tend to agree with Adam (and I guess Wez) - SOAP should not be
affected by allow_url_fopen.
Why not simply make the existing INI option only restrict script
loading operations such as include/require, after all this is what
it tries to primarily prevent anyway.
Maybe - I would say that there are good (non-security-related)
reasons for restricting url open elsewhere. I'd rather see a
per-extension override that allows you to say exactly what you want
occurring.
George
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php