Hi,

2012/4/10 Stas Malyshev <smalys...@sugarcrm.com>:
> Hi!
>
>> LFI risk is unique to PHP. The cause of risk is mandatory embedded script.
>
> No it's not. If you write Python code that loads code from random file
> and evaluates it, it will be "vulnerability in Python". If you write it
> in Bash, it would be "vulnerability in bash". If you write it in C, it
> will be "vulnerability in C". I don't see anything unique to PHP here.

Thank you for pointing out the incorrect statement.
I know the condition to allow LFI for Perl/Ruby, also.
LFI with PHP is just too easy :)

As I wrote in the RFC, PHP would be better as safe as other major languages.
Better means it is not mandatory.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php