Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:83829
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 50782 invoked from network); 25 Feb 2015 22:06:46 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 Feb 2015 22:06:46 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.54 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.192.54 mail-qg0-f54.google.com  
Received: from [209.85.192.54] ([209.85.192.54:51794] helo=mail-qg0-f54.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 5A/03-34010-5774EE45 for <internals@lists.php.net>; Wed, 25 Feb 2015 17:06:46 -0500
Received: by mail-qg0-f54.google.com with SMTP id z60so5514056qgd.13
        for <internals@lists.php.net>; Wed, 25 Feb 2015 14:06:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:from:date:message-id:subject:to:content-type;
        bh=zo+62IJx3XKKE3AB4xz/gkJiQZAEd5jxD0u4PwYIrXM=;
        b=wiR+t5H5uO8BCMH0KvqG6oT9s7Jd7TvYc5KWRyxAqc9tMIh7U8MmqnUaWbUb8dfB2D
         sIXOukYedaKKs6xqVQXwgpqwzT+MHuyE3oSTMLoc5EhbEo98inDsPcFr7CILmSswlZiB
         3lrVQIAQKzMKmj44FOAI1OVBB8VKYriLI/DKbyrML5jFlgDxDsxxm2SebWeaIkeIy96b
         h2bP3Oeyjh6lq/QwHcSGOja1pt2S0mQH06WTZp8hOaKFvWJyz1IVcVRgMZnsGI8VwBz2
         baBrE+Reme/ZEv983rPOHit6BXEBrNFhWetJgWDFg42SA5MLyqVCmDWGwcfQ0ACCr6QW
         yVaA==
X-Received: by 10.140.148.20 with SMTP id 20mr11268792qhu.67.1424902003280;
 Wed, 25 Feb 2015 14:06:43 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.229.198.8 with HTTP; Wed, 25 Feb 2015 14:06:03 -0800 (PST)
Date: Thu, 26 Feb 2015 07:06:03 +0900
X-Google-Sender-Auth: 3d19oHoQoptfAownuUqbb-xSiFo
Message-ID: <CAGa2bXbt9FAdRtW1GxDyT+G-4bWBACTso_DOizcSHmmgmSVtmA@mail.gmail.com>
To: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a113bb4ccbed316050ff0d94e
Subject: [RFC][VOTE] Introduce script only include/require
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a113bb4ccbed316050ff0d94e
Content-Type: text/plain; charset=UTF-8

Hi all,

Vote for script only include/require RFC is started.
This RFC closes one of the fatal security hole in PHP programs with
simple patch.

https://wiki.php.net/rfc/script_only_include
https://github.com/php/php-src/pull/1111
Vote ends 2015/3/12

It seems there are misunderstandings about the issue and the protection.
If you would like to vote "no", please read the RFC carefully.
If you find fatal reason to reject this RFC, it is about arbitrarily code
execution
and file exposure, so please let us know the reason why.

If you have question, please ask.

Thank you for voting.

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a113bb4ccbed316050ff0d94e--