From: toomuchphp-phpbugs at yahoo dot com Operating system: PHP version: 5.1.4 PHP Bug Type: Feature/Change Request Bug description: Disallow direct parsing of .inc.php includes
Description: ------------ Would it be a good idea to provide an option in php.ini to prevent PHP from executing scripts which are designed to be included files? E.g., if PHP detects that the requested document is 'includes/someFile.inc.php' it will refuse to process the document because it has a '.inc.php' extension and is clearly only meant for inclusion. -- Edit bug report at http://bugs.php.net/?id=37856&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=37856&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=37856&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=37856&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=37856&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=37856&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=37856&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=37856&r=needscript Try newer version: http://bugs.php.net/fix.php?id=37856&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=37856&r=support Expected behavior: http://bugs.php.net/fix.php?id=37856&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=37856&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=37856&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=37856&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=37856&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=37856&r=dst IIS Stability: http://bugs.php.net/fix.php?id=37856&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=37856&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=37856&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=37856&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=37856&r=mysqlcfg
