PHPDeveloper.org http://www.phpdeveloper.org Up-to-the Minute PHP News, views and community en-us Sat, 25 May 2013 18:54:24 -0500 30 <![CDATA[Hiveminds Magazine: PHP: What to Do When Your Web Host Turns Off Fopen]]> http://www.phpdeveloper.org/news/7004 http://www.phpdeveloper.org/news/7004 Content no longer valid

]]> Mon, 01 Jan 2007 08:43:00 -0600 <![CDATA[PHP Security Blog: PHP 5.2.0 and allow_url_include]]> http://www.phpdeveloper.org/news/6634 http://www.phpdeveloper.org/news/6634 On the PHP Security Blog, Stefan Esser has posted some of his own opinions on the latest PHP release - version 5.2 - and some of the security implications of it.

Often users have requested that PHP allows disabling URL support for include and require statements while allowing it for the other filesystem functions. Because of this it was planned to have allow_url_include in PHP 6. After some discussion the feature was backported to the PHP 5.2.0 tree.

He also notes that, unfortunately, this functionality only protects against the http(s) and ftp(s) kinds of URLs and not some of the new data URLs included in the functionality of PHP 5.2. He gives two code examples of this kind of issue - one using the "pph://input" and the other using a base64 encoded value.

]]> Fri, 03 Nov 2006 09:41:23 -0600