[php-maint] Bug#579922: Bug#579922: libapache2-mod-php5: change allow_url_fopen = Off
thijs at debian.org
Sun Aug 29 11:11:29 UTC 2010
On Wednesday 5 May 2010, Raphael Geissert wrote:
> On Sunday 02 May 2010 05:47:13 Toni Mueller wrote:
> > I suggest that this be changed to
> > allow_url_fopen = Off
> > to reduce the chance of PHP applications being exploited, and, if you
> > really need to, place a big flashing warning around it to warn users
> > against changing it to "On" again.
> No, there are fair use cases for using stream wrappers and making this
> change would break many applications.
> Feel free to take this upstream and make the change happen there.
Note that since PHP5 include/require have a separate allow_url_include
parameter which *does* default to Off, making having allow_url_fopen On a lot
less of a risk than it was in the 4.x era.
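Added example, not part of the original thread or of the Debian PHP packaging: a small php.ini audit that reports how the two directives discussed above combine. The function names, result labels and sample ini text are constructed for illustration, and the parser is a simplification that ignores ini sections and per-directory overrides.

```python
import re

# PHP's built-in defaults for the two directives discussed in the thread.
DEFAULTS = {"allow_url_fopen": True, "allow_url_include": False}

# Only uncommented assignments match; a line starting with ';' does not.
_LINE = re.compile(r"^\s*(allow_url_fopen|allow_url_include)\s*=\s*(.*)$", re.I)


def php_bool(raw):
    """Approximate how a boolean php.ini directive interprets its value."""
    value = raw.split(";", 1)[0].strip().strip("\"'").lower()
    if value in ("on", "yes", "true"):
        return True
    try:
        return int(value) != 0
    except ValueError:
        return False  # off, no, false, none, empty or unrecognised


def effective_settings(ini_text):
    """Return effective values; a later assignment overrides an earlier one."""
    settings = dict(DEFAULTS)
    for line in ini_text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = php_bool(m.group(2))
    return settings


def assess(ini_text):
    """Classify what http:// and ftp:// style URLs can reach (labels are ours)."""
    s = effective_settings(ini_text)
    if not s["allow_url_fopen"]:
        # allow_url_include requires allow_url_fopen to be on.
        return "remote-urls-blocked"
    if s["allow_url_include"]:
        return "remote-include-possible"
    return "remote-read-only"


if __name__ == "__main__":
    # Constructed sample input, not taken from any real system.
    sample = "[PHP]\nallow_url_fopen = On\n;allow_url_include = On\n"
    print(effective_settings(sample), assess(sample))
```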