Hi Jan,
On Tue, Feb 24, 2015 at 12:51 AM, Jan Ehrhardt wrote:
> Yasuo Ohgaki in php.internals (Mon, 23 Feb 2015 18:53:10 +0900):
> >On Mon, Feb 23, 2015 at 6:52 PM, Yasuo Ohgaki wrote:
> >
> >> ini_set('.php .phar .module .etc');
> >
> >ini_set('zend.script_extensions', '.php .phar .module .etc
Yasuo Ohgaki in php.internals (Mon, 23 Feb 2015 18:53:10 +0900):
>On Mon, Feb 23, 2015 at 6:52 PM, Yasuo Ohgaki wrote:
>
>> ini_set('.php .phar .module .etc');
>
>ini_set('zend.script_extensions', '.php .phar .module .etc');
>
>to be correct.
Quote from a Drupal 7 .htaccess:
# Protect files and
On Mon, Feb 23, 2015 at 6:52 PM, Yasuo Ohgaki wrote:
> ini_set('.php .phar .module .etc');
ini_set('zend.script_extensions', '.php .phar .module .etc');
to be correct.
--
Yasuo Ohgaki
yohg...@ohgaki.net
Hi Jan,
On Mon, Feb 23, 2015 at 6:32 PM, Jan Ehrhardt wrote:
> Stanislav Malyshev in php.internals (Sun, 22 Feb 2015 14:00:02 -0800):
> >2. Default configuration would break tons of PHP scripts with extensions
> >other than .php (very frequent case). The BC break potential of this is
> >very big
Stanislav Malyshev in php.internals (Sun, 22 Feb 2015 14:00:02 -0800):
>2. Default configuration would break tons of PHP scripts with extensions
>other than .php (very frequent case). The BC break potential of this is
>very big as it modifies core functionality.
Exactly my point with the Drupal ex
Hi Stas,
On Mon, Feb 23, 2015 at 7:00 AM, Stanislav Malyshev
wrote:
> > I think this will be the final discussion before vote.
> > This RFC is to make PHP stronger against script inclusion attacks just
> like
> > other languages.
> >
> > https://wiki.php.net/rfc/script_only_include
>
> I still t
Hi!
> I think this will be the final discussion before vote.
> This RFC is to make PHP stronger against script inclusion attacks just like
> other languages.
>
> https://wiki.php.net/rfc/script_only_include
I still think this RFC takes a wrong road for the following reasons:
1. Having any code
Hi Dan,
On Sun, Feb 22, 2015 at 12:40 AM, Dan Ackroyd
wrote:
> From the RFC:
> > Patches and Tests
> > Will be prepared before vote.
>
> The implementation details may determine how some people vote. Is the
> patch still coming before the voting is opened?
>
Yes. The patch will be simple one.
I
>From the RFC:
> Patches and Tests
> Will be prepared before vote.
The implementation details may determine how some people vote. Is the
patch still coming before the voting is opened?
cheers
Dan
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/u
Hi Padraic,
On Sat, Feb 21, 2015 at 5:18 PM, Pádraic Brady
wrote:
> Does this have any impact on allow_url_include or has that setting
> been retained?
>
> Yes, folk do indeed try to do this, for example hitting up Google:
>
> http://www.quora.com/Why-do-include-and-require_once-not-work-with-re
Does this have any impact on allow_url_include or has that setting
been retained?
Yes, folk do indeed try to do this, for example hitting up Google:
http://www.quora.com/Why-do-include-and-require_once-not-work-with-remote-files
Paddy
On 21 February 2015 at 01:06, Yasuo Ohgaki wrote:
> Hi all,
Hi all,
I think this will be the final discussion before vote.
This RFC is to make PHP stronger against script inclusion attacks just like
other languages.
https://wiki.php.net/rfc/script_only_include
I hope everyone will like this proposal.
Thank you all who have participated to discussions.
T
12 matches
Mail list logo
