From: Michael Wallner <mike@php.net>
Date: Mon, 24 Jul 2006 12:15:28 +0000 (+0000)
Subject: - note about allow_url_include
X-Git-Tag: php-5.2.0RC1~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=467e129ce5aae75bc23ad69f7c4f66985382bd5a;p=php

- note about allow_url_include
---

diff --git a/README.UPDATE_5_2 b/README.UPDATE_5_2
index 77e022f4ce..06c569ca6c 100644
--- a/README.UPDATE_5_2
+++ b/README.UPDATE_5_2
@@ -40,3 +40,12 @@ PHP 5.2 Update info or NEWS explained
   no longer work for a file with the name 'data' accessed without any path. IF
   you need to do so you have to prefix the filename with the "file:" protocol.
   For the functionality itself look here http://www.faqs.org/rfcs/rfc2397.html.
+
+- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus)
+
+  With this option one can now distinguish between standard file operations on
+  remote files and inclusion of remote files.  While the former is usually
+  desired, the latter implies security risks if used naivly.  Starting with
+  PHP-5.2 it is now possible to allow standard file operations while
+  dissalowing inclusion of remote files, which will also be the default
+  configuration.