On 6 February 2015 at 12:02, Yasuo Ohgaki <[email protected]> wrote:
> Hi all,
>
> This RFC was renamed from "script() and script_once()".
> Original proposal had defect. It wasn't perfect.
>
> This RFC proposes "script_path" INI directive to eliminate
> file/script inclusion at all via require().
>
> https://wiki.php.net/rfc/script_path
Couple of fixes and questions
> Introduce script_path and download_path
> Introduce script_path INI that specify directories that execution is allowed
> and upload_path
Change download_path to upload_path.
> PHP script detection by file content is **NOT** impossible
> Therefore, PHP script detection by file content is impossible.
I assume that you want to say impossible in both places?
> include()/require() is source of file/script inclusion for a long time
> Only require()/require_once() is affected.
Is this on purpose? Is there a reason that include is not affected?
I think this is a better solution than script{,_once}. I definitely
prefer it over the previous RFC
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
