On Apr 9, 2012, at 8:26 PM, Yasuo Ohgaki <[email protected]> wrote:
> Hi,
>
> 2012/4/10 Luke Scott <[email protected]>:
>> On Apr 9, 2012, at 7:50 PM, Yasuo Ohgaki <[email protected]> wrote:
>>
>>> Please don't repeat mistakes for allow_url_include or allow_url_include.
>>> If admin would like to enforce programmer not to change php.ini.
>>> They should use Apache httpd and admin_flag/admin_value.
>>>
>>> Programmers should have as much control as possible to be
>>> creative. Optional embedded mode is one of them. There are
>>> too many thing that programmers should worry. If it can be turned
>>> off, they are free from it.
>>
>> I'm not sure we're talking about the same thing. I'm really confused
>> about the objections.
>>
>> The ini options you mention are not mistakes. You should never be
>> using include/require for anything other than including local PHP
>> files. These constructs should have never supported remote files. That
>
> There is valid usage for allow_url_include=on.
>
> For instance, if both server and client is PHP, we could use var_export()
> to receive messages.
>
> Client
> ----
> <?php
> include('http://server/send_my_data.php');
> ?>
> ----
>
> Server: /send_my_data.php
> ----
> <?php
> echo "$response = ";
> var_export($some_useful_data);
> ?>
> ----
You should NEVER do this. There are much better ways of communicating
between servers.
Luke