Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:16920
Return-Path: <derick@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 419 invoked by uid 1010); 27 Jun 2005 07:11:20 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 404 invoked from network); 27 Jun 2005 07:11:20 -0000
Received: from unknown (HELO php.net) (127.0.0.1)
  by localhost with SMTP; 27 Jun 2005 07:11:20 -0000
X-Host-Fingerprint: 82.94.239.5 jdi.jdi-ict.nl Linux 2.5 (sometimes 2.4) (4)
Received: from ([82.94.239.5:40961] helo=jdi.jdi-ict.nl)
	by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP
	id 7C/33-00424-696AFB24 for <internals@lists.php.net>; Mon, 27 Jun 2005 03:11:18 -0400
Received: from localhost (localhost [127.0.0.1])
	by jdi.jdi-ict.nl (8.12.11/8.12.11) with ESMTP id j5R7BEMo014972
	for <internals@lists.php.net>; Mon, 27 Jun 2005 09:11:14 +0200
Received: from localhost (localhost [127.0.0.1])
	by jdi.jdi-ict.nl (8.12.11/8.12.11) with ESMTP id j5R7BBXD014942;
	Mon, 27 Jun 2005 09:11:11 +0200
Date: Mon, 27 Jun 2005 09:11:11 +0200 (CEST)
X-X-Sender: derick@localhost
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
cc: Stefan Esser <sesser@php.net>, messju mohr <messju@lammfellpuschen.de>,
	Matthew Charles Kavanagh <matthew@teh.ath.cx>, internals@lists.php.net
In-Reply-To: <42BF9A46.4060108@ohgaki.net>
Message-ID: <Pine.LNX.4.62.0506270910260.14983@localhost>
References: <42BDDC82.6020208@ohgaki.net> <01.6A.54439.491DEB24@pb1.pair.com>
	<20050626164101.GA11586@dune> <42BEE432.6090307@teh.ath.cx>
	<20050626175638.GB11586@dune> <42BEEED1.6010602@php.net> <42BF9A46.4060108@ohgaki.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-new at jci-ict.nl
Subject: Re: [PHP-DEV] Re: allow_url_fopen should be INI_ALL
From: derick@php.net (Derick Rethans)

On Mon, 27 Jun 2005, Yasuo Ohgaki wrote:

> I think most of us can agree following statement
> 
> "allow_url_fopen = ON" is dangerous and the feature is not
> useful most of the times.

I disagree. With proper filtering, or using non-user-supplied 
information there is no problem.

Derick

-- 
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org