Hi all, On Thu, Feb 26, 2015 at 7:06 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Vote for script only include/require RFC is started. > This RFC closes one of the fatal security hole in PHP programs with > simple patch. > > https://wiki.php.net/rfc/script_only_include > https://github.com/php/php-src/pull/1111 > Vote ends 2015/3/12 > > It seems there are misunderstandings about the issue and the protection. > If you would like to vote "no", please read the RFC carefully. > If you find fatal reason to reject this RFC, it is about arbitrarily code > execution > and file exposure, so please let us know the reason why. > > If you have question, please ask. > I was thinking allow_url_include issue later, but it seems I have to now. I've written new RFC to address this. https://wiki.php.net/rfc/allow_url_include I'll start discussion shortly. If you have comments, please do so here. It's related to this RFC also. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net
