Yasuo Ohgaki in php.internals (Sat, 21 Feb 2015 10:06:24 +0900): >I think this will be the final discussion before vote. >This RFC is to make PHP stronger against script inclusion attacks just like >other languages. > >https://wiki.php.net/rfc/script_only_include > >I hope everyone will like this proposal.
Am I correct in assuning that files with extensions like .inc, .install, .module will not be included by default anymore if this RFC is accepted? And that only a change in the php.ini can make those files includable? Drupal uses files like these, even in Drupal 8 beta. Would not that be a big obstacle for installing Drupal, especially at shared hosters where the user has no control over php.ini? Jan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
