Hi,
2012/4/10 Chris Stockton <chrisstockto...@gmail.com>:
> Hello,
>
> On Mon, Apr 9, 2012 at 8:25 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
>> Hi,
>>
>> There is valid usage for allow_url_include=on.
>>
>> For instance, if both server and client is PHP, we could use var_export()
>> to receive messages.
>>
>> Client
>> ----
>> <?php
>> include('http://server/send_my_data.php');
>> ?>
>> ----
>>
>> Server: /send_my_data.php
>> ----
>> <?php
>> echo "$response = ";
>> var_export($some_useful_data);
>> ?>
>> ----
>>
>> This is the most efficient way to exchange data between PHP servers.
>> People does this should not security issues, though.
>>
>> BTW, do you remember allow_rul_fopen was changed to INI_SYSTEM?
>> This should be INI_ALL as well as allow_rul_include, IMO.
>>
>> Regards,
>>
>
> Perhaps you could bring your discussion to the php general mailing
> list as opposed to the internals? You might find a good bit of
> reasonable feedback and information for handling user input there, in
> the exact scenarios you mentioned.
I guess you have never benchmarked various methods.
I haven't done it for a long time, so the result may differ
though. If you find interesting result, please let us know.
Anyway, just like PHP being a embedded language, this method is
perfectly valid. It has been there for a long time, too. IIRC,
var_export() was implemented by Derick during PHP 4.x, so
it's rather new(?) feature compare to embedded lang, though.
Regards,
--
Yasuo Ohgaki
yohg...@ohgaki.net
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
