Newsgroups: php.internals
Message-ID: <42BFA89C.7090203@ohgaki.net>
Date: Mon, 27 Jun 2005 16:19:56 +0900
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Derick Rethans
CC: Stefan Esser, messju mohr, Matthew Charles Kavanagh, internals@lists.php.net
Subject: Re: [PHP-DEV] Re: allow_url_fopen should be INI_ALL

Derick Rethans wrote:
> On Mon, 27 Jun 2005, Yasuo Ohgaki wrote:
>
>>I think most of us can agree on the following statement
>>
>>"allow_url_fopen = ON" is dangerous and the feature is not
>>useful most of the time.
>
> I disagree. With proper filtering, or using non-user-supplied
> information there is no problem.

I don't have an objection to your statement. It could be used
safely, but there are many applications that had serious
problems even if the applications did not require allow_url_fopen
to be enabled.

I understand one has a different opinion from another, so
the most acceptable configuration for most would be to make
allow_url_fopen

- OFF by default
- INI_ALL

--
Yasuo Ohgaki