Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:16927
Return-Path: <derick@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 12820 invoked by uid 1010); 27 Jun 2005 07:30:50 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 12805 invoked from network); 27 Jun 2005 07:30:50 -0000
Received: from unknown (HELO tpg.com.au) (127.0.0.1)
  by localhost with SMTP; 27 Jun 2005 07:30:50 -0000
X-Host-Fingerprint: 82.94.239.5 jdi.jdi-ict.nl Linux 2.5 (sometimes 2.4) (4)
Received: from ([82.94.239.5:38971] helo=jdi.jdi-ict.nl)
	by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP
	id 0E/B4-00424-62BAFB24 for <internals@lists.php.net>; Mon, 27 Jun 2005 03:30:47 -0400
Received: from localhost (localhost [127.0.0.1])
	by jdi.jdi-ict.nl (8.12.11/8.12.11) with ESMTP id j5R7UbDm017310
	for <internals@lists.php.net>; Mon, 27 Jun 2005 09:30:37 +0200
Received: from localhost (localhost [127.0.0.1])
	by jdi.jdi-ict.nl (8.12.11/8.12.11) with ESMTP id j5R7UUfv017287;
	Mon, 27 Jun 2005 09:30:30 +0200
Date: Mon, 27 Jun 2005 09:30:30 +0200 (CEST)
X-X-Sender: derick@localhost
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
cc: Stefan Esser <sesser@php.net>, messju mohr <messju@lammfellpuschen.de>,
	Matthew Charles Kavanagh <matthew@teh.ath.cx>, internals@lists.php.net
In-Reply-To: <42BFA89C.7090203@ohgaki.net>
Message-ID: <Pine.LNX.4.62.0506270929420.14983@localhost>
References: <42BDDC82.6020208@ohgaki.net> <01.6A.54439.491DEB24@pb1.pair.com>
	<20050626164101.GA11586@dune> <42BEE432.6090307@teh.ath.cx>
	<20050626175638.GB11586@dune> <42BEEED1.6010602@php.net> <42BF9A46.4060108@ohgaki.net>
	<Pine.LNX.4.62.0506270910260.14983@localhost> <42BFA89C.7090203@ohgaki.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-new at jci-ict.nl
Subject: Re: [PHP-DEV] Re: allow_url_fopen should be INI_ALL
From: derick@php.net (Derick Rethans)

On Mon, 27 Jun 2005, Yasuo Ohgaki wrote:

> > I disagree. With proper filtering, or using non-user-supplied 
> > information there is no problem.
> 
> I don't have objection to your statement.
> It could be used safely, but there are many applications that
> had serious problems even if applications did not require
> allow_url_fopen to be enabled.

I don't see what this has to do with each other...

> I understands one have different opinion to another, so
> the most acceptable configution for most would be make
> allow_url_fopen
> 
> - OFF by default
> - INI_ALL

I've no problems with that, this would be fine for PHP 4.4

regards,
Derick

-- 
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org