Greg, i was not talking about providing all the different versions of include.
For me it is a broken application design to include anything out of an URL wrapper. However it would also be fine to just have allow_url_include affect all URLs and to be setable by ini_set() and be turned off by default. Insane applications can then turn it on/off for every REMOTE URL they need. Aside from that there could be a setting for the admin to completely disallow URLs marked as is_URL. Stefan Esser -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
