- note about allow_url_include

author: Michael Wallner <mike@php.net> 2006-07-24 12:15:28 +0000
committer: Michael Wallner <mike@php.net> 2006-07-24 12:15:28 +0000
commit: 467e129ce5aae75bc23ad69f7c4f66985382bd5a (patch)
tree: b050ddd62b03aeea2c2ce51df7e36d733e1179ac /README.UPDATE_5_2
parent: b9ba07f7a03ffc7ef48817eff8f11b8982e174fc (diff)
download: php-git-467e129ce5aae75bc23ad69f7c4f66985382bd5a.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/README.UPDATE_5_2 b/README.UPDATE_5_2
index 77e022f4ce..06c569ca6c 100644
--- a/README.UPDATE_5_2
+++ b/README.UPDATE_5_2
@@ -40,3 +40,12 @@ PHP 5.2 Update info or NEWS explained
   no longer work for a file with the name 'data' accessed without any path. IF
   you need to do so you have to prefix the filename with the "file:" protocol.
   For the functionality itself look here http://www.faqs.org/rfcs/rfc2397.html.
+
+- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus)
+
+  With this option one can now distinguish between standard file operations on
+  remote files and inclusion of remote files.  While the former is usually
+  desired, the latter implies security risks if used naivly.  Starting with
+  PHP-5.2 it is now possible to allow standard file operations while
+  dissalowing inclusion of remote files, which will also be the default
+  configuration.
author	Michael Wallner <mike@php.net>	2006-07-24 12:15:28 +0000
committer	Michael Wallner <mike@php.net>	2006-07-24 12:15:28 +0000
commit	467e129ce5aae75bc23ad69f7c4f66985382bd5a (patch)
tree	b050ddd62b03aeea2c2ce51df7e36d733e1179ac /README.UPDATE_5_2
parent	b9ba07f7a03ffc7ef48817eff8f11b8982e174fc (diff)
download	php-git-467e129ce5aae75bc23ad69f7c4f66985382bd5a.tar.gz