Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:16934
Return-Path: <ilia@prohost.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 80084 invoked by uid 1010); 27 Jun 2005 14:24:58 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 80069 invoked from network); 27 Jun 2005 14:24:58 -0000
Received: from unknown (HELO prohost.org) (127.0.0.1)
  by localhost with SMTP; 27 Jun 2005 14:24:58 -0000
X-Host-Fingerprint: 70.85.46.36 unknown  
Received: from ([70.85.46.36:44342] helo=prohost.org)
	by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP
	id 15/35-00424-A3C00C24 for <internals@lists.php.net>; Mon, 27 Jun 2005 10:24:58 -0400
Received: (qmail 14881 invoked from network); 27 Jun 2005 14:24:54 -0000
Received: from cpe00095beeab35-cm000f9f7d6664.cpe.net.cable.rogers.com (HELO ?192.168.1.101?) (69.196.31.219)
	by prohost.org with SMTP; 27 Jun 2005 14:24:54 -0000
Message-ID: <42C00C35.9050500@prohost.org>
Date: Mon, 27 Jun 2005 10:24:53 -0400
User-Agent: Mozilla Thunderbird 1.0 - [MOOX M3] (Windows/20041208)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
CC: Stefan Esser <sesser@php.net>, 
	messju mohr <messju@lammfellpuschen.de>,
	Matthew Charles Kavanagh <matthew@teh.ath.cx>,  internals@lists.php.net
References: <42BDDC82.6020208@ohgaki.net> <01.6A.54439.491DEB24@pb1.pair.com> <20050626164101.GA11586@dune> <42BEE432.6090307@teh.ath.cx> <20050626175638.GB11586@dune> <42BEEED1.6010602@php.net> <42BF9A46.4060108@ohgaki.net>
In-Reply-To: <42BF9A46.4060108@ohgaki.net>
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Re: allow_url_fopen should be INI_ALL
From: ilia@prohost.org (Ilia Alshanetsky)

IMO disable allow_url_fopen by default is a bad idea as it would break 
multitudes of applications that rely on being open URLs via various PHP 
functions like getimagesize(), simplexml_load_file(), etc...

I think Stefan's idea of allowing the setting to be disabled by the 
script, but not enabled by it is the best. This way script writers who 
know which parts of the app/library do not need the functionality can 
explicitly disable it there.

Ilia