|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #43535 parse_ini_file('') and allow_url_include=off
Submitted: 2007-12-08 13:53 UTC Modified: 2015-05-31 04:22 UTC
From: sskaje at gmail dot com Assigned: cmb (profile)
Status: No Feedback Package: PHP options/info functions
PHP Version: 5.2.5 OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: sskaje at gmail dot com
New email:
PHP Version: OS:


 [2007-12-08 13:53 UTC] sskaje at gmail dot com
parse_ini_file() should not be configured with allow_url_include in php.ini but allow_url_fopen
that make me cant directly parse the ini file on http server

Expected result:

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-12-10 09:58 UTC]
And what exactly is the problem you have?
Currently the file opening for this function happens exactly how a script is opened and I don't think there's anything wrong with that.
 [2007-12-11 10:01 UTC] sskaje at gmail dot com
There is a ini file on a http server which has something i need on it.
so i tried to use parse_ini_file() to get the content and parse it.
i set teh 'allow_url_include' Off due to security issue, but i got an error which said that i must turn it On
 [2007-12-12 10:12 UTC]
This requires changes too big for a bugfix (this is more like a new feature as such) so most likely this will be in PHP 5.3.0 at earliest.
 [2009-02-02 16:41 UTC] stefan dot walk+php at gmail dot com
I don't see how checking for allow_url_fopen instead of 
allow_url_include is a big change ...
 [2009-02-02 16:49 UTC] sskaje at gmail dot com
[2 Feb 4:41pm UTC] stefan dot walk+php at gmail dot com 
I don't see how checking for allow_url_fopen instead of 
allow_url_include is a big change ...

ya, stefan, its not a big change, but as you know, all_url_include is recommended to be Off to avoid RFI, if you need to parse an ini file on a remote server without allow_url_include ON, you have to download it before parsing it. So, use allow_url_fopen would bring more convinience than allow_url_include
 [2011-04-08 21:04 UTC]
-Package: Feature/Change Request +Package: PHP options/info functions
 [2015-05-17 19:49 UTC]
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2015-05-17 19:49 UTC]
Since PHP 5.3.0 there is parse_ini_string(), so you could do:


Isn't that sufficiently convenient?
 [2015-05-31 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Dec 03 07:01:26 2023 UTC