Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:29543
Return-Path: <edin@krug.dk>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 38678 invoked by uid 1010); 19 May 2007 08:26:37 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 38649 invoked from network); 19 May 2007 08:26:37 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 19 May 2007 08:26:37 -0000
Authentication-Results: pb1.pair.com header.from=edin@krug.dk; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=edin@krug.dk; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain krug.dk designates 85.214.99.202 as permitted sender)
X-PHP-List-Original-Sender: edin@krug.dk
X-Host-Fingerprint: 85.214.99.202 h1272141.stratoserver.net Linux 2.6
Received: from [85.214.99.202] ([85.214.99.202:50809] helo=h1272141.stratoserver.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 47/15-00717-0E3BE464 for <internals@lists.php.net>; Sat, 19 May 2007 04:22:57 -0400
Received: from 0308ds1-rdo.0.fullrate.dk (0308ds1-rdo.0.fullrate.dk [90.184.100.94])
	by h1272141.stratoserver.net (Postfix) with ESMTP id 2128914683C2;
	Sat, 19 May 2007 10:23:02 +0200 (CEST)
Received: by 0308ds1-rdo.0.fullrate.dk (Postfix, from userid 504)
	id 093B424600D6; Sat, 19 May 2007 10:22:52 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on latif.krug.dk
X-Spam-Level: 
X-Spam-Status: No, score=-4.4 required=4.0 tests=ALL_TRUSTED,BAYES_00
	autolearn=ham version=3.1.8
X-Spam-Detected: no
Received: from [10.0.0.91] (unknown [10.0.0.91])
	by 0308ds1-rdo.0.fullrate.dk (Postfix) with ESMTP id 5C04224600CB;
	Sat, 19 May 2007 10:22:50 +0200 (CEST)
In-Reply-To: <7d5a202f0705181647r5dae4d46y3d95e320f47a9d34@mail.gmail.com>
References: <464DCB8C.90803@chiaraquartet.net> <7d5a202f0705181647r5dae4d46y3d95e320f47a9d34@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-ID: <4A0FA232-9C1C-46A7-9278-4C3DCBEA36A7@krug.dk>
Cc: internals@lists.php.net
Content-Transfer-Encoding: 7bit
Date: Sat, 19 May 2007 10:22:49 +0200
To: Cristian Rodriguez <judas.iscariote@gmail.com>
X-Mailer: Apple Mail (2.752.2)
Subject: Re: [PHP-DEV] potential solution to user streams + allow_url_include=off
From: edin@krug.dk (Edin Kadribasic)

On 19/05/2007, at 1.47, Cristian Rodriguez wrote:

> 2007/5/18, Greg Beaver <greg@chiaraquartet.net>:
>
>> <?php
>> include $_GET['dumb'];
>> ?>
>>
>
> What about permanently removing this (mis) "feature" ?? , Im yet to
> hear any valid reason or example to continue to permit this remote
> include thingy, all examples I have seen are bogus and broken.. does
> anyone really think there are valid use cases ?  (note that Im talking
> about include* and require* only ;)

How about installing a whole application suite by telling people. Hey  
run this:

$ php -d allow_url_include=1 -r "include 'http://pear.php.net/go-pear';"

Useful? I think so.

Edin