ID: 30557 User updated by: php at bouchery dot com Reported By: php at bouchery dot com Status: Wont fix Bug Type: Feature/Change Request Operating System: all PHP Version: Irrelevant New Comment:
hmmm ... we did it with "register_globals", isn't it ? Previous Comments: ------------------------------------------------------------------------ [2004-10-26 09:50:54] [EMAIL PROTECTED] Sorry, but we can not simply change the default value as there might be scripts out there that rely on this; and we can not simply break them. ------------------------------------------------------------------------ [2004-10-26 09:30:29] php at bouchery dot com Description: ------------ Currently, there are too many people writing news and blogs about the "huge" PHP security hole introduce by "include" and "allow_url_fopen". This mistake is so simple to avoid, but beginners are not so informs and I think it could be simplest to disable this option (allow_url_fopen) in the default php.ini. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=30557&edit=1