Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:84067
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 46486 invoked from network); 28 Feb 2015 04:53:22 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 28 Feb 2015 04:53:22 -0000
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.45 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.220.45 mail-pa0-f45.google.com  
Received: from [209.85.220.45] ([209.85.220.45:42210] helo=mail-pa0-f45.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 8A/03-32582-1C941F45 for <internals@lists.php.net>; Fri, 27 Feb 2015 23:53:21 -0500
Received: by pablj1 with SMTP id lj1so25433396pab.9
        for <internals@lists.php.net>; Fri, 27 Feb 2015 20:53:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=message-id:date:from:user-agent:mime-version:to:cc:subject
         :references:in-reply-to:content-type:content-transfer-encoding;
        bh=4emk1GHncXgyWu/4HiFckq9hhRpNKZTx5UthNCMKoY4=;
        b=m3r5F4oAI/GSkB9NfRD0WFTlxWFUH6N+eOykQqpVWodqb09heuue7sQm2RoT1x3pAP
         NIpYLuilVkG16aFTW2qabFDhNl2QWLBDGlTE2ibv7ZVQt5vyksnresGHXGE3YaWNmo+4
         aiWHIshcd+2NUqHcpKZE56UIyDnBsVPh1EUeVHRLksUWoEWmsKcmOUM1Wc8mfqr1mnKg
         EN49yGGt3EdHOU8RXElg3xVveD24T2ay1F5Iii5nGzI3wAmf9afLheYpcqdRMPFRIp6j
         vr3RHelZQHIofbKQoZHrvIekVu1UC06oBGzXNI81r7hPvxS76ETWwDNg8hlZTPN87QUC
         XwfQ==
X-Received: by 10.68.109.195 with SMTP id hu3mr29927787pbb.84.1425099197704;
        Fri, 27 Feb 2015 20:53:17 -0800 (PST)
Received: from Stas-Air.local (108-66-6-48.lightspeed.sntcca.sbcglobal.net. [108.66.6.48])
        by mx.google.com with ESMTPSA id 2sm5534348pdp.0.2015.02.27.20.53.16
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 27 Feb 2015 20:53:16 -0800 (PST)
Message-ID: <54F149BC.70107@gmail.com>
Date: Fri, 27 Feb 2015 20:53:16 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Yasuo Ohgaki <yohgaki@ohgaki.net>, 
 Rowan Collins <rowan.collins@gmail.com>
CC: "internals@lists.php.net" <internals@lists.php.net>
References: <CAGa2bXYf7Bi1QPya96t0Z3cQkTWBCOG2p2gCLZSUTY=_gNp_kw@mail.gmail.com> <54F0540C.1040807@gmail.com> <CAGa2bXbgBT6A3_-ihQyNrgE-ayVX+6UtdtJOX4=xQYYz+WFFwQ@mail.gmail.com>
In-Reply-To: <CAGa2bXbgBT6A3_-ihQyNrgE-ayVX+6UtdtJOX4=xQYYz+WFFwQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Remove allow_url_include INI
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

> I have no intention to change current include/require syntax, except adding
> 2nd parameter.

This is a bit misleading since include is not a function, so there's no
1st parameter. Instead, it's a syntax construct. Of course, syntax
construct's grammar can be changed, though I'm not sure if that wouldn't
lead to unexpected effects in the parser. But maybe not.

Bigger issue is that if somebody is knowledgeable enough in security to
go and change their code to use this option, why they aren't
knowledgeable enough to fix their includes so this option is not required?

-- 
Stas Malyshev
smalyshev@gmail.com