Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:83957
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 59816 invoked from network); 27 Feb 2015 03:44:50 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Feb 2015 03:44:50 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.42 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.192.42 mail-qg0-f42.google.com  
Received: from [209.85.192.42] ([209.85.192.42:51879] helo=mail-qg0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 01/8E-32582-138EFE45 for <internals@lists.php.net>; Thu, 26 Feb 2015 22:44:49 -0500
Received: by mail-qg0-f42.google.com with SMTP id z107so12326319qgd.1
        for <internals@lists.php.net>; Thu, 26 Feb 2015 19:44:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:from:date:message-id:subject:to:content-type;
        bh=tNpvlbbju0i5DoJCnkeipwaRfZsDFf9q/70E3oJGFB0=;
        b=ryn0254pNRqOKAUCFF0in72cUyUrJ2zWKlmLJe5P9Eeof9Nwl3F46Z2dt+0nkO10C/
         Zm5m4Hk8oYKL59fCJn+/dF7Dk+GzsSy1BAhRWP+e0w/EJCKYqzXxbRWjpXwTzTrYjie+
         EGxK0r10p/G6X6BVDEsDGK9SJkjBR18/jJhj7YFqyz45W4QvRYlHJ67MSVOj2NH7k8ka
         VNZlvNYd/o3CuY2MC3+ZTxZO+a5zzqBkCTOe+Aw616sEcph92neprVfcIZrP/6lACI4V
         Rg3ZaK3/NWEqEsNQQlOCoFMaMe+hEY39ecZcPV/eFghbtzAbv37s93FkcdnEpeoAgyOp
         OVqg==
X-Received: by 10.229.80.3 with SMTP id r3mr25586992qck.23.1425008687013; Thu,
 26 Feb 2015 19:44:47 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.229.198.8 with HTTP; Thu, 26 Feb 2015 19:44:06 -0800 (PST)
Date: Fri, 27 Feb 2015 12:44:06 +0900
X-Google-Sender-Auth: L3FK6UnwFCI0KSr_2cu6PgieaAg
Message-ID: <CAGa2bXYf7Bi1QPya96t0Z3cQkTWBCOG2p2gCLZSUTY=_gNp_kw@mail.gmail.com>
To: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a1133cb78976805051009b0be
Subject: [RFC][DISCUSSION] Remove allow_url_include INI
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a1133cb78976805051009b0be
Content-Type: text/plain; charset=UTF-8

Hi all,

This is RFC for removing "allow_url_include" INI option. [1]

During "Script only include" RFC[2] discussion, stream wrapper issue is
raised.
I was thinking this issue as a separate issue, but it seems others are not.

"Script only include" RFC does not cover stream wrapper hole. This RFC
addresses
the hole created by stream wrappers. Those who may be concerned this hole
in "Script
only include" RFC may reconsider your votes by this.

Without this RFC, "Script only include" RFC may have infinite number of
holes.
This RFC closes them and make "Script only include" RFC more effective.

I don't use phar on regular basis, feedback from phar users are appreciated.
If you find yet another hole in [2], please let me know.

[1] https://wiki.php.net/rfc/allow_url_include
[2] https://wiki.php.net/rfc/script_only_include

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a1133cb78976805051009b0be--