PHP :: Request #30557 :: Disabled "allow_url

Request #30557	Disabled "allow_url_fopen" in php.ini
Submitted:	2004-10-26 09:30 UTC	Modified:	2004-10-26 09:53 UTC
From:	php at bouchery dot com	Assigned:
Status:	Wont fix	Package:	Feature/Change Request
PHP Version:	Irrelevant	OS:	all
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	php at bouchery dot com
New email:
PHP Version:		OS:

New Comment:

[2004-10-26 09:30 UTC] php at bouchery dot com

Description:
------------
Currently, there are too many people writing news and blogs about the "huge" PHP security hole introduce by "include" and "allow_url_fopen". This mistake is so simple to avoid, but beginners are not so informs and I think it could be simplest to disable this option (allow_url_fopen) in the default php.ini.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-10-26 09:50 UTC] derick@php.net

Sorry, but we can not simply change the default value as there might be scripts out there that rely on this; and we can not simply break them.

[2004-10-26 09:53 UTC] php at bouchery dot com

hmmm ... we did it with "register_globals", isn't it ?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Sep 19 16:01:27 2024 UTC