PHP :: Request #43535 :: parse_ini_file('http://example.com/some.ini') and allow_url

Request #43535	parse_ini_file('http://example.com/some.ini') and allow_url_include=off
Submitted:	2007-12-08 13:53 UTC	Modified:	2015-05-31 04:22 UTC
From:	sskaje at gmail dot com	Assigned:	cmb (profile)
Status:	No Feedback	Package:	PHP options/info functions
PHP Version:	5.2.5	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

[2007-12-08 13:53 UTC] sskaje at gmail dot com

Description:
------------
parse_ini_file() should not be configured with allow_url_include in php.ini but allow_url_fopen
that make me cant directly parse the ini file on http server

Expected result:
----------------
nothing

Actual result:
--------------
nothing

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-12-10 09:58 UTC] jani@php.net

And what exactly is the problem you have?
Currently the file opening for this function happens exactly how a script is opened and I don't think there's anything wrong with that.

[2007-12-11 10:01 UTC] sskaje at gmail dot com

There is a ini file on a http server which has something i need on it.
so i tried to use parse_ini_file() to get the content and parse it.
i set teh 'allow_url_include' Off due to security issue, but i got an error which said that i must turn it On

[2007-12-12 10:12 UTC] jani@php.net

This requires changes too big for a bugfix (this is more like a new feature as such) so most likely this will be in PHP 5.3.0 at earliest.

[2009-02-02 16:41 UTC] stefan dot walk+php at gmail dot com

I don't see how checking for allow_url_fopen instead of 
allow_url_include is a big change ...

[2009-02-02 16:49 UTC] sskaje at gmail dot com

[2 Feb 4:41pm UTC] stefan dot walk+php at gmail dot com 
I don't see how checking for allow_url_fopen instead of 
allow_url_include is a big change ...


ya, stefan, its not a big change, but as you know, all_url_include is recommended to be Off to avoid RFI, if you need to parse an ini file on a remote server without allow_url_include ON, you have to download it before parsing it. So, use allow_url_fopen would bring more convinience than allow_url_include

[2011-04-08 21:04 UTC] jani@php.net

-Package: Feature/Change Request +Package: PHP options/info functions

[2015-05-17 19:49 UTC] cmb@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb

[2015-05-17 19:49 UTC] cmb@php.net

Since PHP 5.3.0 there is parse_ini_string(), so you could do:

  parse_ini_string(file_get_contents('...'));

Isn't that sufficiently convenient?

[2015-05-31 04:22 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 12:01:30 2024 UTC