On 11/02/15 09:34, Derick Rethans wrote: >> Some of you are tired with this topic, but please take a look the RFC >> > >> > [RFC] Script only includes - this is 3rd version. >> > https://wiki.php.net/rfc/script_only_include >> > >> > Please let me know what you like or dislike. > Con: > - It introduces an INI option that changes PHP's behaviour. > - How do you know what is a PHP script? Surely not be checking that the > first 4 chars are "<?php" ?
First 5? ... Yasuo ... I don't think this is going in the right direction. The principals are right, but we have been through a lot of this trying to secure included files in the past and nothing has worked yet. I don't think that anything implemented in a PHP distribution will change what is happening in practice? -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php