Hey: On Fri, Feb 27, 2015 at 2:59 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Hi Xinchen, > > On Fri, Feb 27, 2015 at 3:55 PM, Xinchen Hui <larue...@php.net> wrote: >> >> hmm, does that means, if this RFC won't pass, then script only include >> RFC should also be rejected? >> >> if yes, then maybe you should put them together? > > > Sorry I just sent previous mail before your mail. > > We need to fix this regardless of > https://wiki.php.net/rfc/script_only_include > If we have both, we close the door for "arbitrarily script execution". > (I mean almost the same as other language level) >
Sorry, but I am confused by the point, do you want to disable include a remote php file or not? if yes, how about with allow_url_fopen? eval(file_get_contents(http://xxxxxx/)); thanks > Regards, > > -- > Yasuo Ohgaki > yohg...@ohgaki.net -- Xinchen Hui @Laruence http://www.laruence.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
