Hi all, On Thu, Feb 26, 2015 at 7:06 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Vote for script only include/require RFC is started. > This RFC closes one of the fatal security hole in PHP programs with > simple patch. > > https://wiki.php.net/rfc/script_only_include > https://github.com/php/php-src/pull/1111 > Vote ends 2015/3/12 > > It seems there are misunderstandings about the issue and the protection. > If you would like to vote "no", please read the RFC carefully. > If you find fatal reason to reject this RFC, it is about arbitrarily code > execution > and file exposure, so please let us know the reason why. > > If you have question, please ask. > It seems I had better to address stream wrapper issues at the same time even though it's big enough issue. I'll merge https://wiki.php.net/rfc/allow_url_include into this RFC and make this RFC "Under Discussion" state. For those who have voted already, please vote again when RFC is ready to vote again. Thank you. -- Yasuo Ohgaki yohg...@ohgaki.net
