Re: RFC: source files without opening tag

From: Yasuo Ohgaki Date: Mon, 09 Apr 2012 19:36:26 +0000

Subject: Re: RFC: source files without opening tag

References: 1 2 3 4 5 6 7 8 9 10 Groups: php.internals

Request: Send a blank email to [email protected] to get a copy of this message

Hi,

Tom's FRC is trying to introduce tag less PHP script.
However, it does not fix well known PHP vulnerability. i.e. LFI/RFI
IMHO, this change introduce more complexity and do not solve
any problem.

Making PHP tag a non mandatory would solve the well known
vulnerability and do not introduce any new function. It's also fully
compatible to existing codes.

https://wiki.php.net/rfc/nophptags

There would be many developers/administrators who would
like to be protected from code like "include $_GET['var']".
nophptags RFC protects systems from this kind of fatal
vulnerable codes.

Regards,

--
Yasuo Ohgaki
[email protected]

Thread (109 messages)

Tom BoutellSun, 08 Apr 2012 16:32:23 +0000
Kris CraigSun, 08 Apr 2012 21:10:52 +0000
Tom BoutellSun, 08 Apr 2012 21:25:08 +0000
Yasuo OhgakiSun, 08 Apr 2012 21:49:43 +0000
Yasuo OhgakiSun, 08 Apr 2012 21:55:28 +0000
Tom BoutellSun, 08 Apr 2012 22:20:20 +0000
Yasuo OhgakiSun, 08 Apr 2012 22:45:48 +0000
Tom BoutellSun, 08 Apr 2012 23:14:08 +0000
Kris CraigMon, 09 Apr 2012 05:16:55 +0000
Tom BoutellMon, 09 Apr 2012 10:55:39 +0000
Yasuo OhgakiMon, 09 Apr 2012 05:48:24 +0000
Yasuo OhgakiMon, 09 Apr 2012 06:17:20 +0000
Tom BoutellMon, 09 Apr 2012 10:57:31 +0000
Arvids GodjuksTue, 10 Apr 2012 00:07:38 +0000
Yasuo OhgakiTue, 10 Apr 2012 00:19:13 +0000
Tom BoutellMon, 09 Apr 2012 11:29:09 +0000Re: RFC: source files without opening tag
Ángel GonzálezMon, 09 Apr 2012 12:26:39 +0000Re: Re: RFC: source files without opening tag
Rick WIdmerMon, 09 Apr 2012 13:16:42 +0000
Tom BoutellMon, 09 Apr 2012 13:40:07 +0000
CrocodileMon, 09 Apr 2012 14:02:24 +0000
Luke ScottMon, 09 Apr 2012 15:43:37 +0000
Tom BoutellMon, 09 Apr 2012 16:16:18 +0000
Luke ScottMon, 09 Apr 2012 17:10:55 +0000
Tom BoutellMon, 09 Apr 2012 17:22:07 +0000
Tom BoutellMon, 09 Apr 2012 17:23:05 +0000
Luke ScottMon, 09 Apr 2012 17:36:38 +0000
Ángel GonzálezMon, 09 Apr 2012 19:32:27 +0000
Luke ScottMon, 09 Apr 2012 19:57:18 +0000
Ralph SchindlerMon, 09 Apr 2012 17:43:10 +0000
Luke ScottMon, 09 Apr 2012 17:51:06 +0000
Tom BoutellMon, 09 Apr 2012 18:25:59 +0000
Ralph SchindlerMon, 09 Apr 2012 19:20:34 +0000
Yasuo OhgakiMon, 09 Apr 2012 19:36:26 +0000
Stas MalyshevMon, 09 Apr 2012 19:38:24 +0000
Yasuo OhgakiMon, 09 Apr 2012 19:45:56 +0000
Stas MalyshevMon, 09 Apr 2012 20:04:54 +0000
Yasuo OhgakiMon, 09 Apr 2012 20:20:23 +0000
Kris CraigMon, 09 Apr 2012 20:41:21 +0000
Rick WIdmerMon, 09 Apr 2012 20:58:42 +0000
Tom BoutellMon, 09 Apr 2012 21:03:04 +0000
Kris CraigMon, 09 Apr 2012 21:22:07 +0000
Tom BoutellMon, 09 Apr 2012 21:24:44 +0000
Kris CraigMon, 09 Apr 2012 21:32:03 +0000
Luke ScottMon, 09 Apr 2012 21:38:15 +0000
Kris CraigMon, 09 Apr 2012 22:06:49 +0000
Tom BoutellMon, 09 Apr 2012 22:17:51 +0000
Luke ScottMon, 09 Apr 2012 22:34:47 +0000
Tom BoutellMon, 09 Apr 2012 22:53:03 +0000
Luke ScottMon, 09 Apr 2012 23:06:12 +0000
Tom BoutellMon, 09 Apr 2012 23:47:49 +0000
Kris CraigTue, 10 Apr 2012 00:02:30 +0000
Luke ScottTue, 10 Apr 2012 01:15:15 +0000
Kris CraigTue, 10 Apr 2012 01:22:51 +0000
Yasuo OhgakiTue, 10 Apr 2012 02:02:54 +0000
Kris CraigTue, 10 Apr 2012 02:15:40 +0000
Yasuo OhgakiTue, 10 Apr 2012 02:29:00 +0000
Luke ScottTue, 10 Apr 2012 02:29:44 +0000
Yasuo OhgakiTue, 10 Apr 2012 02:50:08 +0000
Luke ScottTue, 10 Apr 2012 03:03:54 +0000
Yasuo OhgakiTue, 10 Apr 2012 03:25:23 +0000
Luke ScottTue, 10 Apr 2012 03:30:38 +0000
Chris StocktonTue, 10 Apr 2012 04:08:47 +0000
Yasuo OhgakiTue, 10 Apr 2012 04:17:06 +0000
Yasuo OhgakiTue, 10 Apr 2012 04:24:33 +0000
Luke ScottTue, 10 Apr 2012 00:27:19 +0000
Tom BoutellTue, 10 Apr 2012 00:38:21 +0000
Luke ScottTue, 10 Apr 2012 01:11:38 +0000
Tom BoutellTue, 10 Apr 2012 01:22:29 +0000
Luke ScottTue, 10 Apr 2012 02:20:32 +0000
Yasuo OhgakiTue, 10 Apr 2012 02:44:15 +0000
Luke ScottTue, 10 Apr 2012 02:48:45 +0000
Yasuo OhgakiTue, 10 Apr 2012 03:05:36 +0000
Luke ScottTue, 10 Apr 2012 03:39:52 +0000
Yasuo OhgakiTue, 10 Apr 2012 04:07:58 +0000
Luke ScottTue, 10 Apr 2012 04:23:58 +0000
Yasuo OhgakiTue, 10 Apr 2012 05:03:12 +0000
Luke ScottTue, 10 Apr 2012 05:35:35 +0000
Kris CraigTue, 10 Apr 2012 06:53:38 +0000
Yasuo OhgakiTue, 10 Apr 2012 07:37:26 +0000
Yasuo OhgakiTue, 10 Apr 2012 07:30:26 +0000
Adam HarveyTue, 10 Apr 2012 08:01:53 +0000
Ferenc KovacsTue, 10 Apr 2012 08:23:07 +0000
Too deep!
Tom BoutellTue, 10 Apr 2012 12:35:19 +0000
Too deep!
Kris CraigMon, 09 Apr 2012 22:54:05 +0000
Luke ScottMon, 09 Apr 2012 23:08:58 +0000
Tom BoutellMon, 09 Apr 2012 23:46:28 +0000
Kris CraigMon, 09 Apr 2012 21:06:13 +0000
Yasuo OhgakiMon, 09 Apr 2012 20:15:00 +0000
Stas MalyshevMon, 09 Apr 2012 20:38:03 +0000
Yasuo OhgakiMon, 09 Apr 2012 23:35:32 +0000
Yasuo OhgakiMon, 09 Apr 2012 23:54:19 +0000
Stas MalyshevTue, 10 Apr 2012 03:05:00 +0000
Yasuo OhgakiTue, 10 Apr 2012 03:12:12 +0000
Stas MalyshevTue, 10 Apr 2012 03:02:35 +0000
Luke ScottMon, 09 Apr 2012 20:18:50 +0000
Chris StocktonMon, 09 Apr 2012 18:23:16 +0000
Ángel GonzálezMon, 09 Apr 2012 19:21:46 +0000
Luke ScottMon, 09 Apr 2012 20:06:12 +0000
Ángel GonzálezTue, 10 Apr 2012 15:57:46 +0000
Chris StocktonTue, 10 Apr 2012 17:22:29 +0000
Ángel GonzálezTue, 10 Apr 2012 20:49:50 +0000
Chris StocktonMon, 09 Apr 2012 20:41:40 +0000
Ángel GonzálezTue, 10 Apr 2012 15:53:00 +0000

« previous	php.internals (#59535)	next »

From:	Yasuo Ohgaki	Date:	Mon, 09 Apr 2012 19:36:26 +0000
Subject:	Re: RFC: source files without opening tag
References:	1 2 3 4 5 6 7 8 9 10	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message