Hello,
On Mon, Apr 9, 2012 at 8:25 PM, Yasuo Ohgaki <[email protected]> wrote:
> Hi,
>
> There is valid usage for allow_url_include=on.
>
> For instance, if both server and client is PHP, we could use var_export()
> to receive messages.
>
> Client
> ----
> <?php
> include('http://server/send_my_data.php');
> ?>
> ----
>
> Server: /send_my_data.php
> ----
> <?php
> echo "$response = ";
> var_export($some_useful_data);
> ?>
> ----
>
> This is the most efficient way to exchange data between PHP servers.
> People does this should not security issues, though.
>
> BTW, do you remember allow_rul_fopen was changed to INI_SYSTEM?
> This should be INI_ALL as well as allow_rul_include, IMO.
>
> Regards,
>
Perhaps you could bring your discussion to the php general mailing
list as opposed to the internals? You might find a good bit of
reasonable feedback and information for handling user input there, in
the exact scenarios you mentioned.
-Chris