Re: [PHP] Re: patch to php 4.3.10 to disabling URL wrappers in include like statements — PHP

You are here: Re: [PHP] Re: patch to php 4.3.10 to disabling URL wrappers in include like statements « PHP « IT news, forums, messages

Posted by Tom Z Meinlschmidt on 03/02/05 17:52

Tell me - how do you want to turn off remote includes and remain remote
file working?

allow_url_fopen turns off _both_. There's no choice what to disable

tom

Jason Barnett wrote:
> Tom Z. Meinlschmidt wrote:
>
>>Hi,
>>
>>I've experienced a lot of attacks in my hosting server due to silly users and
>>their scripts with holes. So I prepared this little patch to 4.3.10, which
>>disables using url wrappers in include/include_once/require/require_once
>>statemens (switchable in php.ini). See readme.security from patch
>>
>>patch is there:
>>
>>http://orin.meinlschmidt.org/~znouza/php_patch.txt
>>
>>comments are welcome
>>
>>/tom
>>
>
>
> http://php.net/manual/en/ini.php#ini.list
>
> allow_url_fopen = 0
>

Navigation:

Next in forum: Connecting to a AS/400?
Prev in forum: Re: [PHP] patch to php 4.3.10 to disabling URL wrappers in include like statements
Thread view: Re: [PHP] Re: patch to php 4.3.10 to disabling URL wrappers in include like statements

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация