Hi!

> https://wiki.php.net/rfc/nophptags?&#why_this_is_better_than_now

I'm sorry, but I do not understand how your proposal prevents LFI. Let's
say you had this file kill.php:
<?php kill_kill_kill();

and you were afraid that somebody would write the code "include
$_GET['foo'];" and pass kill.php as foo and kill your server. Now, you
propose banning the <?php tag. So, kill.php would look like this:

kill_kill_kill();

and you still can include it with "include $_GET['foo'];" and get the
same result. Where's the difference?

-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
