Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:83460
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 65823 invoked from network); 22 Feb 2015 07:32:56 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 Feb 2015 07:32:56 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.43 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.192.43 mail-qg0-f43.google.com  
Received: from [209.85.192.43] ([209.85.192.43:44117] helo=mail-qg0-f43.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id FA/E0-08895-52689E45 for <internals@lists.php.net>; Sun, 22 Feb 2015 02:32:54 -0500
Received: by mail-qg0-f43.google.com with SMTP id i50so20324313qgf.2
        for <internals@lists.php.net>; Sat, 21 Feb 2015 23:32:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:content-type;
        bh=FBDy++s4U/mG2j9FjZ5ht1FYtfCAwrw8J/fxBUY4rJw=;
        b=BQPHsnxUrUXhELQikD8fL8ngbJTFha5y7s41M589hPtnwS+HH49jsVmFmtWAUXVRhS
         rcNRxGcwwQePwVxo5Rukk/hECOn/Epfxik73Dg4U8CrL9Yk+PKJnK+rhOyETwqTNxYEb
         156a8uo+XkOx1efl3ymRA/IkViEXu4WU78b+NMp7S8rxtf13OcTG3KbYnv+x9pK8GCnG
         y+9nh4Bys8bmHnM28mGKBZgAbBzRqmA2e8H6vPHC8Tx/mTQnR+7Qi44gHxc/PLHxm2DL
         Mulflio+SXQSRalnO5W83/x8/QqC+u+vmcCLneUskTz9gNfrpH7NALAlrwYVwZEdzT+O
         Kphw==
X-Received: by 10.140.152.2 with SMTP id 2mr12746001qhy.16.1424590370374; Sat,
 21 Feb 2015 23:32:50 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.229.198.8 with HTTP; Sat, 21 Feb 2015 23:32:10 -0800 (PST)
In-Reply-To: <CAGa2bXZ_Q4Ytz5HgcmBoKNPzUaCh6vLETkyyd-jVsR9df60RPg@mail.gmail.com>
References: <CAGa2bXZ_Q4Ytz5HgcmBoKNPzUaCh6vLETkyyd-jVsR9df60RPg@mail.gmail.com>
Date: Sun, 22 Feb 2015 16:32:10 +0900
X-Google-Sender-Auth: 51YN5Hlr-izTE5BE0Z-vX1o6e6Q
Message-ID: <CAGa2bXY9hGE7pb+KtqeaXcbY1s1jHL6Q1Qa7xV6m7MyKugN_Ww@mail.gmail.com>
To: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a1135a3dcfa0801050fa84a19
Subject: Re: [RFC] [FINAL DISCUSSION] Script only include/require
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a1135a3dcfa0801050fa84a19
Content-Type: text/plain; charset=UTF-8

Hi all,

On Sat, Feb 21, 2015 at 10:06 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> I think this will be the final discussion before vote.
> This RFC is to make PHP stronger against script inclusion attacks just
> like other languages.
>
> https://wiki.php.net/rfc/script_only_include
>
> I hope everyone will like this proposal.
> Thank you all who have participated to discussions.
>
> Those who are not involved, this is the time to check this RFC.
>
> Thank you.
>

I've wrote initial patch for this RFC

https://github.com/php/php-src/pull/1111

There are some issues to resolve (error, the way comparing extension), but
it works as it supposed. Comments are appreciated.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a1135a3dcfa0801050fa84a19--