Re: RFC: source files without opening tag

From: Luke Scott Date: Tue, 10 Apr 2012 03:39:52 +0000

Subject: Re: RFC: source files without opening tag

References: 1 2 3 4 5 6 7 Groups: php.internals

Request: Send a blank email to [email protected] to get a copy of this message

> It's easy to say "write correct code. don't write stupid code", but
> we cannot enforce it in real world.
>
> I'm concerning both arbitrarily script execution and arbitrarily
> information disclosure. Good example is  LFI and SQL injection
> attack.

Uh yeah there is. I won't employ someone who insists on writing code
like this. I dont know anyone who will. I also wont use libraries that
have code like this. Not only is it insecure but an improper use of
these constructs/functions.

All this has nothing to do with Tom's RFC. It has nothing to do with
having a <?php tag or not.

I would actually suggest that require/include stop supporting remote
files all together. But that can be a different RFC.

This "security problem" isn't a problem with common sense.

Luke

Thread (109 messages)

Tom BoutellSun, 08 Apr 2012 16:32:23 +0000
Kris CraigSun, 08 Apr 2012 21:10:52 +0000
Tom BoutellSun, 08 Apr 2012 21:25:08 +0000
Yasuo OhgakiSun, 08 Apr 2012 21:49:43 +0000
Yasuo OhgakiSun, 08 Apr 2012 21:55:28 +0000
Tom BoutellSun, 08 Apr 2012 22:20:20 +0000
Yasuo OhgakiSun, 08 Apr 2012 22:45:48 +0000
Tom BoutellSun, 08 Apr 2012 23:14:08 +0000
Kris CraigMon, 09 Apr 2012 05:16:55 +0000
Tom BoutellMon, 09 Apr 2012 10:55:39 +0000
Yasuo OhgakiMon, 09 Apr 2012 05:48:24 +0000
Yasuo OhgakiMon, 09 Apr 2012 06:17:20 +0000
Tom BoutellMon, 09 Apr 2012 10:57:31 +0000
Arvids GodjuksTue, 10 Apr 2012 00:07:38 +0000
Yasuo OhgakiTue, 10 Apr 2012 00:19:13 +0000
Tom BoutellMon, 09 Apr 2012 11:29:09 +0000Re: RFC: source files without opening tag
Ángel GonzálezMon, 09 Apr 2012 12:26:39 +0000Re: Re: RFC: source files without opening tag
Rick WIdmerMon, 09 Apr 2012 13:16:42 +0000
Tom BoutellMon, 09 Apr 2012 13:40:07 +0000
CrocodileMon, 09 Apr 2012 14:02:24 +0000
Luke ScottMon, 09 Apr 2012 15:43:37 +0000
Tom BoutellMon, 09 Apr 2012 16:16:18 +0000
Luke ScottMon, 09 Apr 2012 17:10:55 +0000
Tom BoutellMon, 09 Apr 2012 17:22:07 +0000
Tom BoutellMon, 09 Apr 2012 17:23:05 +0000
Luke ScottMon, 09 Apr 2012 17:36:38 +0000
Ángel GonzálezMon, 09 Apr 2012 19:32:27 +0000
Luke ScottMon, 09 Apr 2012 19:57:18 +0000
Ralph SchindlerMon, 09 Apr 2012 17:43:10 +0000
Luke ScottMon, 09 Apr 2012 17:51:06 +0000
Tom BoutellMon, 09 Apr 2012 18:25:59 +0000
Ralph SchindlerMon, 09 Apr 2012 19:20:34 +0000
Yasuo OhgakiMon, 09 Apr 2012 19:36:26 +0000
Stas MalyshevMon, 09 Apr 2012 19:38:24 +0000
Yasuo OhgakiMon, 09 Apr 2012 19:45:56 +0000
Stas MalyshevMon, 09 Apr 2012 20:04:54 +0000
Yasuo OhgakiMon, 09 Apr 2012 20:20:23 +0000
Kris CraigMon, 09 Apr 2012 20:41:21 +0000
Rick WIdmerMon, 09 Apr 2012 20:58:42 +0000
Tom BoutellMon, 09 Apr 2012 21:03:04 +0000
Kris CraigMon, 09 Apr 2012 21:22:07 +0000
Tom BoutellMon, 09 Apr 2012 21:24:44 +0000
Kris CraigMon, 09 Apr 2012 21:32:03 +0000
Luke ScottMon, 09 Apr 2012 21:38:15 +0000
Kris CraigMon, 09 Apr 2012 22:06:49 +0000
Tom BoutellMon, 09 Apr 2012 22:17:51 +0000
Luke ScottMon, 09 Apr 2012 22:34:47 +0000
Tom BoutellMon, 09 Apr 2012 22:53:03 +0000
Luke ScottMon, 09 Apr 2012 23:06:12 +0000
Tom BoutellMon, 09 Apr 2012 23:47:49 +0000
Kris CraigTue, 10 Apr 2012 00:02:30 +0000
Luke ScottTue, 10 Apr 2012 01:15:15 +0000
Kris CraigTue, 10 Apr 2012 01:22:51 +0000
Yasuo OhgakiTue, 10 Apr 2012 02:02:54 +0000
Kris CraigTue, 10 Apr 2012 02:15:40 +0000
Yasuo OhgakiTue, 10 Apr 2012 02:29:00 +0000
Luke ScottTue, 10 Apr 2012 02:29:44 +0000
Yasuo OhgakiTue, 10 Apr 2012 02:50:08 +0000
Luke ScottTue, 10 Apr 2012 03:03:54 +0000
Yasuo OhgakiTue, 10 Apr 2012 03:25:23 +0000
Luke ScottTue, 10 Apr 2012 03:30:38 +0000
Chris StocktonTue, 10 Apr 2012 04:08:47 +0000
Yasuo OhgakiTue, 10 Apr 2012 04:17:06 +0000
Yasuo OhgakiTue, 10 Apr 2012 04:24:33 +0000
Luke ScottTue, 10 Apr 2012 00:27:19 +0000
Tom BoutellTue, 10 Apr 2012 00:38:21 +0000
Luke ScottTue, 10 Apr 2012 01:11:38 +0000
Tom BoutellTue, 10 Apr 2012 01:22:29 +0000
Luke ScottTue, 10 Apr 2012 02:20:32 +0000
Yasuo OhgakiTue, 10 Apr 2012 02:44:15 +0000
Luke ScottTue, 10 Apr 2012 02:48:45 +0000
Yasuo OhgakiTue, 10 Apr 2012 03:05:36 +0000
Luke ScottTue, 10 Apr 2012 03:39:52 +0000
Yasuo OhgakiTue, 10 Apr 2012 04:07:58 +0000
Luke ScottTue, 10 Apr 2012 04:23:58 +0000
Yasuo OhgakiTue, 10 Apr 2012 05:03:12 +0000
Luke ScottTue, 10 Apr 2012 05:35:35 +0000
Kris CraigTue, 10 Apr 2012 06:53:38 +0000
Yasuo OhgakiTue, 10 Apr 2012 07:37:26 +0000
Yasuo OhgakiTue, 10 Apr 2012 07:30:26 +0000
Adam HarveyTue, 10 Apr 2012 08:01:53 +0000
Ferenc KovacsTue, 10 Apr 2012 08:23:07 +0000
Too deep!
Tom BoutellTue, 10 Apr 2012 12:35:19 +0000
Too deep!
Kris CraigMon, 09 Apr 2012 22:54:05 +0000
Luke ScottMon, 09 Apr 2012 23:08:58 +0000
Tom BoutellMon, 09 Apr 2012 23:46:28 +0000
Kris CraigMon, 09 Apr 2012 21:06:13 +0000
Yasuo OhgakiMon, 09 Apr 2012 20:15:00 +0000
Stas MalyshevMon, 09 Apr 2012 20:38:03 +0000
Yasuo OhgakiMon, 09 Apr 2012 23:35:32 +0000
Yasuo OhgakiMon, 09 Apr 2012 23:54:19 +0000
Stas MalyshevTue, 10 Apr 2012 03:05:00 +0000
Yasuo OhgakiTue, 10 Apr 2012 03:12:12 +0000
Stas MalyshevTue, 10 Apr 2012 03:02:35 +0000
Luke ScottMon, 09 Apr 2012 20:18:50 +0000
Chris StocktonMon, 09 Apr 2012 18:23:16 +0000
Ángel GonzálezMon, 09 Apr 2012 19:21:46 +0000
Luke ScottMon, 09 Apr 2012 20:06:12 +0000
Ángel GonzálezTue, 10 Apr 2012 15:57:46 +0000
Chris StocktonTue, 10 Apr 2012 17:22:29 +0000
Ángel GonzálezTue, 10 Apr 2012 20:49:50 +0000
Chris StocktonMon, 09 Apr 2012 20:41:40 +0000
Ángel GonzálezTue, 10 Apr 2012 15:53:00 +0000

« previous	php.internals (#59612)	next »

From:	Luke Scott	Date:	Tue, 10 Apr 2012 03:39:52 +0000
Subject:	Re: RFC: source files without opening tag
References:	1 2 3 4 5 6 7	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message