allow_url_fopen turns off _both_. There's no choice what to disable
tom
Jason Barnett wrote:
Tom Z. Meinlschmidt wrote:
Hi,
I've experienced a lot of attacks in my hosting server due to silly users and their scripts with holes. So I prepared this little patch to 4.3.10, which disables using url wrappers in include/include_once/require/require_once statemens (switchable in php.ini). See readme.security from patch
patch is there:
http://orin.meinlschmidt.org/~znouza/php_patch.txt
comments are welcome
/tom
http://php.net/manual/en/ini.php#ini.list
allow_url_fopen = 0
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
