On 19/05/2007, at 1.47, Cristian Rodriguez wrote:
2007/5/18, Greg Beaver <[EMAIL PROTECTED]>:
<?php
include $_GET['dumb'];
?>
What about permanently removing this (mis) "feature" ?? , Im yet to
hear any valid reason or example to continue to permit this remote
include thingy, all examples I have seen are bogus and broken.. does
anyone really think there are valid use cases ? (note that Im talking
about include* and require* only ;)
How about installing a whole application suite by telling people. Hey
run this:
$ php -d allow_url_include=1 -r "include 'http://pear.php.net/go-pear';"
Useful? I think so.
Edin
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
