Description:
------------
Meanwhile you installed a big warning in PHP installation on register_globals and default them to off, there is no warning at all and it is per default on on url_fopen, although with using of includes, this variable opens any hackers from outside a door inside your applications (e.g. used by opensurveypilot). So we had in the last time many hackins as this variable is on either by default installation or by templates like distributed via SWsofts Virtuozzo or with Plesk. This value should be warned the same and set to off by default like the register_globals.

Reproduce code:
---------------
Try to refer any http:// ressource in e.g. opensurveypilot files using include and url_fopen is on

Expected result:
----------------
Hacked sites if it's like default

url_fopen off by default in future PHP versions

Actual result:
--------------
A big security whole for lame code and programmers still open.