#40651 [NEW]: Remote file inclusion

florin at flachi dot net · florin at flachi dot net

From: florin at flachi dot net
Operating system: Irrelevent
PHP version: 5.2.1
PHP Bug Type: Feature/Change Request
Bug description: Remote file inclusion

Description:
------------
Many webhosting companies and not only have a lot of problems because of
the ability of users to include remote files. This can be stopped by
disabling allow_url_fopen but that will also stop to fopen () remote
files. This is widely used by a lot of scripts and users get angry all the
time if we disable allow_url_fopen.

All these things can be solved by creating an option in php.ini to allow
administrators to disable users to include remote files. Thank you.

--
Edit bug report at [url]http://bugs.php.net/?id=40651&edit=1[/url]
--
Try a CVS snapshot (PHP 4.4): [url]http://bugs.php.net/fix.php?id=40651&r=trysnapshot44[/url]
Try a CVS snapshot (PHP 5.2): [url]http://bugs.php.net/fix.php?id=40651&r=trysnapshot52[/url]
Try a CVS snapshot (PHP 6.0): [url]http://bugs.php.net/fix.php?id=40651&r=trysnapshot60[/url]
Fixed in CVS: [url]http://bugs.php.net/fix.php?id=40651&r=fixedcvs[/url]
Fixed in release: [url]http://bugs.php.net/fix.php?id=40651&r=alreadyfixed[/url]
Need backtrace: [url]http://bugs.php.net/fix.php?id=40651&r=needtrace[/url]
Need Reproduce Script: [url]http://bugs.php.net/fix.php?id=40651&r=needscript[/url]
Try newer version: [url]http://bugs.php.net/fix.php?id=40651&r=oldversion[/url]
Not developer issue: [url]http://bugs.php.net/fix.php?id=40651&r=support[/url]
Expected behavior: [url]http://bugs.php.net/fix.php?id=40651&r=notwrong[/url]
Not enough info: [url]http://bugs.php.net/fix.php?id=40651&r=notenoughinfo[/url]
Submitted twice: [url]http://bugs.php.net/fix.php?id=40651&r=submittedtwice[/url]
register_globals: [url]http://bugs.php.net/fix.php?id=40651&r=globals[/url]
PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=40651&r=php3[/url]
Daylight Savings: [url]http://bugs.php.net/fix.php?id=40651&r=dst[/url]
IIS Stability: [url]http://bugs.php.net/fix.php?id=40651&r=isapi[/url]
Install GNU Sed: [url]http://bugs.php.net/fix.php?id=40651&r=gnused[/url]
Floating point limitations: [url]http://bugs.php.net/fix.php?id=40651&r=float[/url]
No Zend Extensions: [url]http://bugs.php.net/fix.php?id=40651&r=nozend[/url]
MySQL Configuration Error: [url]http://bugs.php.net/fix.php?id=40651&r=mysqlcfg[/url]

derick@php.net · derick@php.net

ID: 40651
Updated by: [email]derick@php.net[/email]
Reported By: florin at flachi dot net
-Status: Open
+Status: Closed
Bug Type: Feature/Change Request
Operating System: Irrelevent
PHP Version: 5.2.1
New Comment:

We already have this:

[url]http://no.php.net/manual/en/ref.filesystem.php#ini.allow-url-include[/url]

Previous Comments:
------------------------------------------------------------------------

[2007-02-27 00:40:42] florin at flachi dot net

Description:
------------
Many webhosting companies and not only have a lot of problems because
of the ability of users to include remote files. This can be stopped by
disabling allow_url_fopen but that will also stop to fopen () remote
files. This is widely used by a lot of scripts and users get angry all
the time if we disable allow_url_fopen.

All these things can be solved by creating an option in php.ini to
allow administrators to disable users to include remote files. Thank
you.

------------------------------------------------------------------------

--
Edit this bug report at [url]http://bugs.php.net/?id=40651&edit=1[/url]

#40651 [NEW]: Remote file inclusion

Thread Tools

Display

#40651 [NEW]: Remote file inclusion

Similar Questions and Discussions

Remote.pm (File::Remote) problem

[#21740592] Inclusion in Google index

Inclusion Weirdness

Non-Core Module Inclusion

Header Inclusion style

#40651 [Opn->Csd]: Remote file inclusion

Posting Permissions