Hello, On Mon, Apr 9, 2012 at 8:25 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Hi, > > There is valid usage for allow_url_include=on. > > For instance, if both server and client is PHP, we could use var_export() > to receive messages. > > Client > ---- > <?php > include('http://server/send_my_data.php'); > ?> > ---- > > Server: /send_my_data.php > ---- > <?php > echo "$response = "; > var_export($some_useful_data); > ?> > ---- > > This is the most efficient way to exchange data between PHP servers. > People does this should not security issues, though. > > BTW, do you remember allow_rul_fopen was changed to INI_SYSTEM? > This should be INI_ALL as well as allow_rul_include, IMO. > > Regards, >
Perhaps you could bring your discussion to the php general mailing list as opposed to the internals? You might find a good bit of reasonable feedback and information for handling user input there, in the exact scenarios you mentioned. -Chris -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php