Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:83395
Return-Path: <phpdev@ehrhardt.nl>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 30314 invoked from network); 21 Feb 2015 15:33:25 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Feb 2015 15:33:25 -0000
X-Host-Fingerprint: 85.223.116.227 227-116.citynet.ftth.internl.net  
Received: from [85.223.116.227] ([85.223.116.227:14344] helo=localhost.localdomain)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 39/78-08895-145A8E45 for <internals@lists.php.net>; Sat, 21 Feb 2015 10:33:23 -0500
To: internals@lists.php.net
Date: Sat, 21 Feb 2015 16:33:17 +0100
Message-ID: <c48headlmkkhe2dc6jjflahdejl104044s@4ax.com>
References: <CAGa2bXZ_Q4Ytz5HgcmBoKNPzUaCh6vLETkyyd-jVsR9df60RPg@mail.gmail.com>
X-Newsreader: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Posted-By: 85.223.116.227
Subject: Re: [RFC] [FINAL DISCUSSION] Script only include/require
From: phpdev@ehrhardt.nl (Jan Ehrhardt)

Yasuo Ohgaki in php.internals (Sat, 21 Feb 2015 10:06:24 +0900):
>I think this will be the final discussion before vote.
>This RFC is to make PHP stronger against script inclusion attacks just like
>other languages.
>
>https://wiki.php.net/rfc/script_only_include
>
>I hope everyone will like this proposal.

Am I correct in assuning that files with extensions like .inc, .install,
.module will not be included by default anymore if this RFC is accepted?
And that only a change in the php.ini can make those files includable?

Drupal uses files like these, even in Drupal 8 beta. Would not that be a
big obstacle for installing Drupal, especially at shared hosters where
the user has no control over php.ini?

Jan